CloseProcesses:
CreateRestorePoint:
EmptyTemp:
VirusTotal: C:\Users\Andżej\AppData\Roaming\gameboxsetup.exe
VirusTotal: C:\Users\Andżej\AppData\Roaming\Launcher_01.exe
VirusTotal: C:\Users\Andżej\AppData\Local\1CDBEE2.cmd
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2900155969-624845500-4125627290-1000\...\MountPoints2: {04e29fab-7a98-11e7-9855-806e6f6e6963} - F:\Setup_Testy_A.exe
HKU\S-1-5-21-2900155969-624845500-4125627290-1000\...\MountPoints2: {dc6857cf-7a99-11e7-9100-90e6ba2f4add} - G:\SETUP.EXE
HKU\S-1-5-21-2900155969-624845500-4125627290-1000\...\Winlogon: [Shell] C:\Windows\System32\cmd.exe [345088 2010-11-21] (Microsoft Corporation) <==== UWAGA
HKU\S-1-5-21-2900155969-624845500-4125627290-1000\...\Command Processor: @mode 15,1 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\Andżej\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\Andżej\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== UWAGA
GroupPolicy\User: Ograniczenia ? <==== UWAGA
Tcpip\..\Interfaces\{34F77268-A18E-48C1-800E-68396BE7669E}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A5017CB6-BBFD-4ECC-892E-51F1A83AC8F7}: [DhcpNameServer] 192.168.0.1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-2900155969-624845500-4125627290-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-2900155969-624845500-4125627290-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKU\S-1-5-21-2900155969-624845500-4125627290-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2900155969-624845500-4125627290-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2900155969-624845500-4125627290-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2900155969-624845500-4125627290-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BA48A1D17-B18B-44F9-8714-CC9581C89033%7D&gp=811142
CHR HomePage: Default -> inline.go.mail.ru
CHR StartupUrls: Default -> "hxxp://www.google.pl/","hxxp://websearch.soft-quick.info/","hxxp://websearch.good-results.info/?pid=724&r=2013/02/07&hid=1909747957&lg=EN&cc=PL","hxxp://websearch.simplespeedy.info/","hxxp://google.pl/","hxxp://mail.ru/cnt/10445?gp=811141"
CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [enafhpjmlnpmbdnbpjkihmadnkfnpiim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
CustomCLSID: HKU\S-1-5-21-2900155969-624845500-4125627290-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Andżej\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll => Brak pliku
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
Task: {17D8F67F-110A-4106-BE6A-0B0CF985F5DF} - System32\Tasks\Opera scheduled Autoupdate 1508843179 => C:\Users\Andżej\AppData\Local\Programs\Opera\launcher.exe
Task: {32CA2689-7F10-4BE1-A03C-6EAD90F9026E} - \Chromium menar -> Brak pliku <==== UWAGA
Task: {DE09FCDD-9245-4D81-897A-F4740D5A3434} - \A57009344937 -> Brak pliku <==== UWAGA
C:\Users\Andżej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks\CodeBlocks.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++\Dev-C++.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++\License.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++\Uninstall Dev-C++.lnk
C:\Users\Andżej\Desktop\DAWID\kk\Tor Browser\Start Tor Browser.lnk
C:\Users\Andżej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
C:\Users\Andżej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks\CodeBlocks (Launcher).lnk
C:\Users\Andżej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks\CodeBlocks CBP2Make.lnk
C:\Users\Andżej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks\CodeBlocks Share Config.lnk
C:\Users\Andżej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks\CodeBlocks.lnk
C:\Users\Andżej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks\Uninstall CodeBlocks.lnk
C:\Users\Andżej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CodeBlocks.lnk
C:\Users\Andżej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
C:\Users\Andżej\Favorites\Mail.Ru Агент - используй для общения!.url
C:\Users\Andżej\Favorites\Mail.Ru.url