CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [282352 2017-06-19] (Filefacts.net)
HKLM-x32\...\Run: [SFAUpdater] => C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe [656656 2015-03-27] (Filefacts.net)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamerHash.lnk [2018-01-06]
ShortcutTarget: GamerHash.lnk -> C:\Users\Adam\AppData\Local\GamerHash\GamerHashLauncher.exe ()
Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131614646496494110&GUID=44EFDE88-F72D-464A-A20B-C0C33EB8B370
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3809559754-3564192172-4191794475-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131614646496505036&GUID=44EFDE88-F72D-464A-A20B-C0C33EB8B370
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3809559754-3564192172-4191794475-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-3809559754-3564192172-4191794475-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Brak pliku]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; Brak ImagePath
ContextMenuHandlers1: [WinRAR] -> __{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> Brak pliku
ContextMenuHandlers1: [WinRAR32] -> __{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Brak pliku
ContextMenuHandlers1_S-1-5-21-3809559754-3564192172-4191794475-1001: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
ContextMenuHandlers4_S-1-5-21-3809559754-3564192172-4191794475-1001: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
ContextMenuHandlers5_S-1-5-21-3809559754-3564192172-4191794475-1001: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
Task: {017444BC-9907-4C0E-93F7-35DF07FBA8AD} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {125EE96A-27D2-46A1-965B-498E51A09487} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1D5C41A9-BEF7-4698-8792-4266653E03E5} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Task: {376348CA-0FFB-4597-8334-4D4AAC554B76} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
Task: {3B4EF02A-242B-428C-A3A1-69C89699D5CC} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E0D602B-7E38-401F-803F-FD629CE37483} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {430C68C0-C8D0-46EF-B899-A20B56F85490} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {49BE3F5A-D26C-40A0-91DB-5207D05DB486} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
Task: {4BBF2B23-FC7B-44A7-A257-5D09170780EF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {4CD71848-8575-462E-BE0A-D59E50F9492D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {64027243-5367-4017-AAF8-3753EED663E6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65DB77C7-C08F-4E68-821A-FE72E7C18DE5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {6C132D92-5846-438D-BCFA-083C97372207} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
Task: {7707E98B-E694-4122-9677-7AA0251B8D23} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {856AD880-C866-4199-AD76-BB038AABCC2D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {90E42183-FEE3-4D3E-885C-1ABCA45C1587} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {923E3781-44DF-4BB6-BE17-32E22C13AEBA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {94348A7B-9369-4219-8A61-976AF24422FD} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9672705B-BE63-41A6-BFA6-D07C61BBE1F2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9B1823DF-F0F3-4A65-8677-070B065DA3F8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9D663D93-9AF1-48A3-96A2-523FB0294A68} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
Task: {A1EA914B-FB74-4BAA-AD42-BB86962087C4} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A77CF8AB-6D18-47AC-9FD2-FD5833A685C9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
Task: {A7F33943-B5EA-4B91-A921-0015A435E563} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AA11863F-BD58-4547-83C3-9FF67DA9FC28} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {AE9E9691-2833-47A2-B550-4BC81A305ECF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
Task: {C1DB24A2-31F3-4B7F-A15A-0144AA62D312} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {CC0BB204-ECE7-4828-AB93-1E06DA63CA40} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CCFBAD4E-AE8D-4CAC-BDDE-2841CE51E08E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
Task: {CD1CB954-8B94-47C0-B868-BCA66A73BC6B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: {CEE50C25-FE4B-4E77-9E21-3181374C0FB6} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D01323E0-4385-48BF-AB06-F4CB1DFE1BC8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E4382247-A9A5-4D6B-887B-87325B34AC23} - System32\Tasks\{A42F086C-C232-48D9-9EA9-68C3FB1E7D20} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.2.0.103/pl/abandoninstall?page=tsBing
Task: {E5AFEAA2-88D7-4658-B6C8-8A02FDEC3009} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
Task: {E6BC219F-D54A-4BAC-A323-C2B6FD36924A} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E9EEED6C-F9EA-40D7-A7AF-78AB68934B44} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {EC269E7F-5999-4ED0-9A0C-8DC45EA4BB19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {ED3ACFDC-307A-4A23-A9BB-F27C6E7ED23F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FDBF2E8E-F608-4E5B-A35B-7D88B7CCBCFC} - System32\Tasks\{C1458625-54C2-4C39-B182-0C8F9D420377} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.8.0.154&LastError=404
Task: C:\WINDOWS\Tasks\Nero TuneItUp PRO (Autopilot.exe).job => C:\Program Files (x86)\Nero\Nero TuneItUp\Autopilot.exe C:\Program Files (x86)\Nero\Nero TuneItUp\Adam-Komputer\AdamNero TuneItUp PRO (Autopilot.exe
Task: C:\WINDOWS\Tasks\Nero TuneItUp PRO.job => C:\Program Files (x86)\Nero\Nero TuneItUp\TuneItUp.exe
AlternateDataStreams: C:\Users\Adam\Desktop\goska 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Adam\Desktop\goska 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Adam\Desktop\goska 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Adam\Desktop\goska 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Adam\Desktop\goska 3.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Adam\Desktop\goska 3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Adam\Desktop\goska 4.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Adam\Desktop\goska 4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [UDP Query User{B05AEC24-FA86-4E8C-8324-EE284493F9AE}C:\users\adam\appdata\local\gamerhash\miners\claymore_cryptonote_v1\nscpucnminer64.gh] => (Allow) C:\users\adam\appdata\local\gamerhash\miners\claymore_cryptonote_v1\nscpucnminer64.gh
FirewallRules: [TCP Query User{BAE46B4F-8169-4636-9344-EC0FD1DF2227}C:\users\adam\appdata\local\gamerhash\miners\claymore_cryptonote_v1\nscpucnminer64.gh] => (Allow) C:\users\adam\appdata\local\gamerhash\miners\claymore_cryptonote_v1\nscpucnminer64.gh
FirewallRules: [UDP Query User{A0ADE15F-CFD3-4770-87C4-B1BA086B520B}C:\users\adam\appdata\local\gamerhash\1.10.4\bin\claymore_cryptonote\nscpucnminer64.gh] => (Block) C:\users\adam\appdata\local\gamerhash\1.10.4\bin\claymore_cryptonote\nscpucnminer64.gh
FirewallRules: [TCP Query User{71379C02-C2DD-4068-8D09-8E99D0A35074}C:\users\adam\appdata\local\gamerhash\1.10.4\bin\claymore_cryptonote\nscpucnminer64.gh] => (Block) C:\users\adam\appdata\local\gamerhash\1.10.4\bin\claymore_cryptonote\nscpucnminer64.gh
FirewallRules: [TCP Query User{9AD0F3DB-AA3F-448F-8E08-2978B43FF293}C:\users\adam\appdata\local\gamerhash\1.10.4\bin\claymore_cryptonote\nscpucnminer64.gh] => (Allow) C:\users\adam\appdata\local\gamerhash\1.10.4\bin\claymore_cryptonote\nscpucnminer64.gh
FirewallRules: [UDP Query User{EC8EEB7E-1205-4C36-86F9-2AA4464A1807}C:\users\adam\appdata\local\gamerhash\1.10.4\bin\claymore_cryptonote\nscpucnminer64.gh] => (Allow) C:\users\adam\appdata\local\gamerhash\1.10.4\bin\claymore_cryptonote\nscpucnminer64.gh
C:\Users\Adam\AppData\Local\GamerHash
C:\Users\Adam\GG dysk\Testy EKG\Kurs ekg\League of Legends.lnk
C:\Users\Adam\GG dysk\Testy EKG\Kurs ekg\Norton Security.lnk
C:\Users\Adam\GG dysk\Testy EKG\Kurs ekg\al\Norton Security.LNK
C:\Users\Adam\GG dysk\Testy EKG\Kurs ekg\al\Skype.lnk
C:\Users\Adam\Desktop\GamerHash.lnk
C:\Users\Adam\Desktop\Testy EKG\Kurs ekg\League of Legends.lnk
C:\Users\Adam\Desktop\Testy EKG\Kurs ekg\Norton Security.lnk
C:\Users\Adam\Desktop\Testy EKG\Kurs ekg\wszystko\CyberLink LabelPrint 2.5.lnk
C:\Users\Adam\Desktop\Testy EKG\Kurs ekg\Ważne rzeczy\Intel(R) Wireless Display.lnk
C:\Users\Adam\Desktop\Testy EKG\Kurs ekg\Ważne rzeczy\Microsoft Office 2010.lnk
C:\Users\Adam\Desktop\Testy EKG\Kurs ekg\al\Norton Security.LNK
C:\Users\Adam\Desktop\Testy EKG\Kurs ekg\al\Skype.lnk
C:\Users\Adam\Desktop\pulpit\GamerHash.lnk
C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamerHash.lnk
C:\Users\Adam\AppData\Local\GG\Application.old\gg.lnk
CMD: netsh advfirewall reset
CMD: ipconfig /flushdns
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}