CloseProcesses:
CreateRestorePoint:
EmptyTemp:
File: C:\Program Files (x86)\Fava\Reed.exe
File: C:\ProgramData\FlashSys\CurlMSI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asystent aktualizacji do systemu Windows 10.lnk
C:\Users\BirdyR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
FirewallRules: [{F92D89B3-8609-4073-AF62-29BB8E9F6E81}] => (Allow) C:\Users\BirdyR\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe Brak pliku
FirewallRules: [{AFFC2C4C-FF7C-4941-A2D6-6233AC88E293}] => (Allow) C:\Users\BirdyR\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe Brak pliku
HKLM\...\Run: [Compuware] => C:\Program Files (x86)\Faintness\Reed.exe [12800 2019-06-14] () [Brak podpisu cyfrowego]
HKLM\...\Run: [Amigos] => C:\Program Files (x86)\lapses\Preoccupation.exe [12800 2019-06-14] () [Brak podpisu cyfrowego]
HKLM\...\Run: [Beldon] => C:\Program Files (x86)\Fava\Reed.exe [12800 2019-06-14] () [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [Twig] => C:\Program Files (x86)\Faintness\Reed.exe [12800 2019-06-14] () [Brak podpisu cyfrowego]
HKLM-x32\...\Run: [Categorizes] => C:\Program Files (x86)\lapses\Preoccupation.exe [12800 2019-06-14] () [Brak podpisu cyfrowego]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3867596475-2125287544-2731016663-1001\...\Run: [obhaut] => C:\Users\BirdyR\AppData\Local\obhaut.dll [16384 2019-06-14] () [Brak podpisu cyfrowego] <==== UWAGA
HKU\S-1-5-21-3867596475-2125287544-2731016663-1001\...\Run: [Overambitious] => C:\Program Files (x86)\Faintness\Reed.exe [12800 2019-06-14] () [Brak podpisu cyfrowego]
HKU\S-1-5-21-3867596475-2125287544-2731016663-1001\...\Run: [Expo] => C:\Program Files (x86)\lapses\Preoccupation.exe [12800 2019-06-14] () [Brak podpisu cyfrowego]
HKU\S-1-5-21-3867596475-2125287544-2731016663-1001\...\Run: [Dabba] => C:\Program Files (x86)\Fava\Reed.exe [12800 2019-06-14] () [Brak podpisu cyfrowego]
HKU\S-1-5-21-3867596475-2125287544-2731016663-1001\...\Run: [Regionalization] => C:\Program Files (x86)\Faintness\Reed.exe [12800 2019-06-14] () [Brak podpisu cyfrowego]
HKU\S-1-5-21-3867596475-2125287544-2731016663-1001\...\Run: [Awkward] => C:\Program Files (x86)\lapses\Preoccupation.exe [12800 2019-06-14] () [Brak podpisu cyfrowego]
HKU\S-1-5-21-3867596475-2125287544-2731016663-1001\...\Run: [Lovelace] => C:\Program Files (x86)\Fava\Reed.exe [12800 2019-06-14] () [Brak podpisu cyfrowego]
HKU\S-1-5-21-3867596475-2125287544-2731016663-1001\...\Run: [overinflated] => C:\Program Files (x86)\Faintness\Reed.exe [12800 2019-06-14] () [Brak podpisu cyfrowego]
HKU\S-1-5-21-3867596475-2125287544-2731016663-1001\...\MountPoints2: {3708d1e0-8a7b-11e9-a0bc-f0038cd88df4} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3867596475-2125287544-2731016663-1001\...\MountPoints2: {97f1dbbe-ca4f-11e8-b891-88d7f69c2f4f} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3867596475-2125287544-2731016663-1001\...\MountPoints2: {e924348c-57de-11e9-a0b5-f0038cd88df4} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3867596475-2125287544-2731016663-1001\...\MountPoints2: {fc768a06-42f3-11e9-a0b1-f0038cd88df4} - "F:\HiSuiteDownLoader.exe"
Startup: C:\Users\BirdyR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\timothy.lnk [2019-06-14]
ShortcutTarget: timothy.lnk -> C:\Program Files (x86)\Faintness\Reed.exe () [Brak podpisu cyfrowego]
Startup: C:\Users\BirdyR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\timothytimothy.lnk [2019-06-14]
ShortcutTarget: timothytimothy.lnk -> C:\Program Files (x86)\lapses\Preoccupation.exe () [Brak podpisu cyfrowego]
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Task: {2E17266C-5F1F-4668-B38E-D2B78E3B36D4} - System32\Tasks\hausen-unplannedhausen-unplanned => C:\Program Files (x86)\lapses\Preoccupation.exe [12800 2019-06-14] () [Brak podpisu cyfrowego]
Task: {35D35DAF-758B-457E-8F86-FB502B6D91F5} - System32\Tasks\Opera scheduled Autoupdate 1543840713 => C:\Users\Oliwia\AppData\Local\Programs\Opera\launcher.exe [1408600 2018-11-27] (Opera Software AS -> Opera Software)
Task: {587F42EB-1B4B-41AA-92D1-A705F80F1DDF} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate
Task: {61C166DF-AF31-4601-B394-5F662E5CB622} - System32\Tasks\FlashServis => C:\ProgramData\FlashSys\CurlMSI.exe [6838272 2019-06-14] () [Brak podpisu cyfrowego]
Task: {6AD79302-98FB-4D61-B8E5-51D012D3345D} - System32\Tasks\cupola piratical casettecupola piratical casette => C:\Users\BirdyR\AppData\Local\Reed.exe [12800 2019-06-14] () [Brak podpisu cyfrowego]
Task: {963B4BC5-458F-4389-B94F-9A8460A028B6} - System32\Tasks\7ZipUnis => C:\Users\BirdyR\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\7ZipArchiver\volumfix.exe [7338496 2019-06-14] () [Brak podpisu cyfrowego]
Task: {9A0A6996-75EC-426C-90C1-BB51889FB62E} - System32\Tasks\margemarge => C:\Program Files (x86)\perfumed\perfumed.exe [9216 2019-06-14] () [Brak podpisu cyfrowego]
Task: {B397F537-FA8C-40B4-9C35-D9C0991DC7CB} - System32\Tasks\ficklenessfickleness => C:\Program Files (x86)\Faintness\Reed.exe [12800 2019-06-14] () [Brak podpisu cyfrowego]
Task: {BF6A6C8C-DD75-4252-BFAC-5A972A73D453} - System32\Tasks\R@1n-KMS\Windows64Core => wmic path SoftwareLicensingProduct where (ID="58e97c99-f377-4ef1-81d5-4ad5522b5fd8") call Activate
Task: {C3D3264B-8D78-4420-A243-792D0197084B} - System32\Tasks\lilli finishedlilli finished => C:\Program Files (x86)\Fava\Preoccupation.exe [12800 2019-06-14] () [Brak podpisu cyfrowego]
Task: {CA73A2D3-B10C-4905-9BA1-6B6AD9DAF646} - System32\Tasks\Opera scheduled Autoupdate 1541961271 => C:\Users\BirdyR\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-05] (Opera Software AS -> Opera Software)
Task: {E11CDF9D-0667-41F8-A890-FFCFE44012D7} - System32\Tasks\pristine_calamitiespristine_calamities => C:\Program Files (x86)\Fava\Reed.exe [12800 2019-06-14] () [Brak podpisu cyfrowego]
Task: {F272B924-1D69-4F06-A973-53E4EE54734B} - System32\Tasks\manaus_harmsenmanaus_harmsen => C:\Users\BirdyR\AppData\Local\Preoccupation.exe [12800 2019-06-14] () [Brak podpisu cyfrowego]
Tcpip\..\Interfaces\{0c55f9b4-6f13-44b5-9d39-64f5915ab73b}: [DhcpNameServer] 192.168.178.37
Tcpip\..\Interfaces\{c2269037-2150-4bd2-a921-203eb6bb8dc4}: [DhcpNameServer] 192.168.10.1
FF HKLM\...\Firefox\Extensions: [{A2ED22DD-042E-42A1-9B75-E89F071C193C}] - C:\WINDOWS\Installer\{AE160107-E2FC-43FC-8370-E1775059606D}\{A2ED22DD-042E-42A1-9B75-E89F071C193C}.xpi => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [{A2ED22DD-042E-42A1-9B75-E89F071C193C}] - C:\WINDOWS\Installer\{AE160107-E2FC-43FC-8370-E1775059606D}\{A2ED22DD-042E-42A1-9B75-E89F071C193C}.xpi => nie znaleziono
CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
2019-06-14 10:20 - 2019-06-14 10:51 - 000000000 ____D C:\ProgramData\{FC7DB5C5-505F-8C9B-274D-180027AA4151}
2019-06-14 10:20 - 2019-06-14 10:51 - 000000000 ____D C:\ProgramData\{38095DDF-B845-48EF-3DA5-6CC43D423595}
2019-06-14 10:19 - 2019-06-14 10:19 - 000000266 __RSH C:\ProgramData\ntuser.pol
2019-06-14 10:18 - 2019-06-14 10:20 - 000000000 ____D C:\Users\Public\{4f44f9cd-e5db-11e8-a09f-806e6f6e6963}
2019-06-14 10:18 - 2019-06-14 10:18 - 000000000 ____D C:\ProgramData\Pader
2019-06-14 10:18 - 2019-06-14 10:18 - 000000000 ____D C:\ProgramData\c1YU6X0M
2019-06-14 10:15 - 2019-06-14 10:15 - 000003956 _____ C:\WINDOWS\System32\Tasks\cupola piratical casettecupola piratical casette
2019-06-14 10:15 - 2019-06-14 10:15 - 000003934 _____ C:\WINDOWS\System32\Tasks\manaus_harmsenmanaus_harmsen
2019-06-14 10:15 - 2019-06-14 10:15 - 000003932 _____ C:\WINDOWS\System32\Tasks\pristine_calamitiespristine_calamities
2019-06-14 10:15 - 2019-06-14 10:15 - 000003928 _____ C:\WINDOWS\System32\Tasks\lilli finishedlilli finished
2019-06-14 10:15 - 2019-06-14 10:15 - 000003906 _____ C:\WINDOWS\System32\Tasks\ficklenessfickleness
2019-06-14 10:15 - 2019-06-14 10:15 - 000003892 _____ C:\WINDOWS\System32\Tasks\margemarge
2019-06-14 10:14 - 2019-06-14 10:53 - 000000000 ___HD C:\Program Files (x86)\summons
2019-06-14 10:14 - 2019-06-14 10:52 - 000000000 ____D C:\Program Files (x86)\Minolta
2019-06-14 10:14 - 2019-06-14 10:15 - 000000000 ____D C:\ProgramData\Optimizer
2019-06-14 10:14 - 2019-06-14 10:14 - 000003942 _____ C:\WINDOWS\System32\Tasks\hausen-unplannedhausen-unplanned
2019-06-14 10:14 - 2019-06-14 10:14 - 000000012 _____ C:\WINDOWS\b10113375
2019-06-14 10:14 - 2019-06-14 10:14 - 000000000 ___HD C:\Program Files (x86)\Fava
2019-06-14 10:14 - 2019-06-14 10:14 - 000000000 ____D C:\Program Files (x86)\perfumed
2019-06-14 10:14 - 2019-06-14 10:14 - 000000000 ____D C:\Program Files (x86)\lapses
2019-06-14 10:14 - 2019-06-14 10:14 - 000000000 ____D C:\Program Files (x86)\Inlog Software
2019-06-14 10:14 - 2019-06-14 10:14 - 000000000 ____D C:\Program Files (x86)\foldershare
2019-06-14 10:14 - 2019-06-14 10:14 - 000000000 ____D C:\Program Files (x86)\Faintness
2019-06-14 10:14 - 2019-06-14 10:14 - 000000000 ____D C:\Program Files (x86)\CompanySmartApp
2019-06-14 10:13 - 2019-06-14 10:13 - 000000000 ____D C:\Users\BirdyR\AppData\Local\AdvinstAnalytics
2019-06-14 10:07 - 2019-06-14 10:07 - 005323320 _____ C:\Users\BirdyR\Downloads\KMSPico 10.2.2 [DazTeam.TW].zip
2019-06-14 10:07 - 2019-06-14 10:07 - 000000000 ___SH C:\Users\BirdyR\AppData\Roaming\6
2019-06-14 10:00 - 2019-06-14 10:00 - 000000000 ____D C:\ProgramData\rKATGqziJA
2019-06-14 09:55 - 2019-06-14 10:07 - 000000000 __SHD C:\ProgramData\FlashSys
2019-06-14 09:55 - 2019-06-14 09:55 - 000003632 _____ C:\WINDOWS\System32\Tasks\7ZipUnis
2019-06-14 09:55 - 2019-06-14 09:55 - 000003520 _____ C:\WINDOWS\System32\Tasks\FlashServis
2019-06-14 09:54 - 2019-06-14 10:14 - 000722944 _____ C:\Users\BirdyR\AppData\Local\sha.db
2019-06-14 09:54 - 2019-06-14 09:54 - 000140800 _____ C:\Users\BirdyR\AppData\Local\installer.dat
2019-06-14 09:53 - 2019-06-14 15:52 - 000000000 ____D C:\Program Files (x86)\KMSPico
2019-06-14 09:53 - 2019-06-14 09:53 - 000016384 _____ C:\Users\BirdyR\AppData\Local\obhaut.dll
2019-06-14 06:42 - 2019-06-14 06:42 - 000012800 _____ C:\WINDOWS\treasured.exe
2019-06-14 06:42 - 2019-06-14 06:42 - 000012800 _____ C:\Users\BirdyR\AppData\Local\Reed.exe
2019-06-14 06:42 - 2019-06-14 06:42 - 000012800 _____ C:\Users\BirdyR\AppData\Local\Preoccupation.exe
2019-06-13 18:13 - 2019-06-13 18:13 - 000588934 _____ C:\Users\BirdyR\AppData\Roaming\fdfbvd.exe
2019-06-08 06:38 - 2018-11-11 20:34 - 000004196 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1541961271
2019-06-14 10:07 - 2019-06-14 10:07 - 000000000 ___SH () C:\Users\BirdyR\AppData\Roaming\6
2019-06-13 18:13 - 2019-06-13 18:13 - 000588934 _____ () C:\Users\BirdyR\AppData\Roaming\fdfbvd.exe
2019-06-14 09:54 - 2019-06-14 09:54 - 000140800 _____ () C:\Users\BirdyR\AppData\Local\installer.dat
2019-06-14 09:53 - 2019-06-14 09:53 - 000016384 _____ () C:\Users\BirdyR\AppData\Local\obhaut.dll
2019-06-14 06:42 - 2019-06-14 06:42 - 000012800 _____ () C:\Users\BirdyR\AppData\Local\Preoccupation.exe
2019-06-14 06:42 - 2019-06-14 06:42 - 000012800 _____ () C:\Users\BirdyR\AppData\Local\Reed.exe
2019-06-14 09:54 - 2019-06-14 10:14 - 000722944 _____ () C:\Users\BirdyR\AppData\Local\sha.db
2019-06-14 06:42 - 2019-06-14 06:42 - 000012800 _____ () [Brak podpisu cyfrowego] C:\Program Files (x86)\Fava\Preoccupation.exe
2019-06-14 06:42 - 2019-06-14 06:42 - 000012800 _____ () [Brak podpisu cyfrowego] C:\Program Files (x86)\Fava\Reed.exe
2019-06-14 09:53 - 2019-06-14 09:53 - 000016384 _____ () [Brak podpisu cyfrowego] C:\Users\BirdyR\AppData\Local\obhaut.dll
2019-06-14 10:06 - 2019-06-14 10:06 - 007338496 ___SH () [Brak podpisu cyfrowego] C:\Users\BirdyR\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\7ZipArchiver\volumfix.exe
HOSTS:
RemoveProxy: