CloseProcesses:
CreateRestorePoint:
EmptyTemp:
VirusTotal: C:\Program Files (x86)\Common Files\crowminio\productupdt.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1103937812-1137546512-3033319732-1000\...\Run: [electron.app.Filesafer] => C:\Users\Julia\AppData\Local\Temp\nsc6E3F.tmp\app\Filesafer.exe [67742208 2018-03-28] (FileSafer) <==== UWAGA
HKU\S-1-5-21-1103937812-1137546512-3033319732-1000\...\MountPoints2: G - G:\autorun.exe
HKU\S-1-5-21-1103937812-1137546512-3033319732-1000\...\MountPoints2: {1b3f90cd-704e-11e7-862d-24ec99147219} - G:\AutoRun.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w13
HKU\S-1-5-21-1103937812-1137546512-3033319732-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w13&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w13&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w13&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w13&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1103937812-1137546512-3033319732-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w13&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
S2 APXACC; system32\DRIVERS\appexDrv.sys [X]
U3 aswbdisk; Brak ImagePath
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
2018-05-02 14:16 - 2018-05-02 14:45 - 000000266 __RSH C:\ProgramData\ntuser.pol
2018-04-09 13:08 - 2018-04-09 13:08 - 000000000 ____D C:\Users\Julia\AppData\Local\XMEIDhqiauFdNdmlY
2018-04-02 06:10 - 2018-04-09 13:10 - 000000000 ____D C:\Users\Julia\AppData\Local\uZXQtoGdIWMmseQFj
2018-05-02 14:08 - 2018-04-01 18:10 - 000000000 ____D C:\Program Files (x86)\HroDwsJolcQKhkTVgGRxgfqejvjvd
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
Task: {073D9029-EE6F-4EDA-9C85-757BDF51AF1D} - System32\Tasks\{3BE904E5-4A7E-8629-AECA-59B3189A7416} => C:\Program Files (x86)\Common Files\crowminio\productupdt.exe [2013-04-27] ()
Task: C:\Windows\Tasks\{3BE904E5-4A7E-8629-AECA-59B3189A7416}.job => C:\Program Files (x86)\Common Files\CROWMI~1\PRODUC~1.EXE
FirewallRules: [TCP Query User{A398E1C2-2A65-4BC0-B174-B18BCBEB2175}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [UDP Query User{E67EAFC6-B128-4041-BF8F-3E53FC97C4EA}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_161\bin\javaw.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer\San Andreas Multiplayer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer\Uninstall.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\Uninstall.lnk
C:\ProgramData\Microsoft\Windows\GameExplorer\{FEADB085-4E5E-4272-9C13-B1BD0F55925A}\PlayTasks\4\Program konfiguracyjny.lnk
C:\ProgramData\Microsoft\Windows\GameExplorer\{FEADB085-4E5E-4272-9C13-B1BD0F55925A}\PlayTasks\3\Instrukcja do gry.lnk
C:\ProgramData\Microsoft\Windows\GameExplorer\{FEADB085-4E5E-4272-9C13-B1BD0F55925A}\PlayTasks\2\CzytajTo.txt.lnk
C:\ProgramData\Microsoft\Windows\GameExplorer\{FEADB085-4E5E-4272-9C13-B1BD0F55925A}\PlayTasks\1\Rejestruj.lnk
C:\ProgramData\Microsoft\Windows\GameExplorer\{FEADB085-4E5E-4272-9C13-B1BD0F55925A}\PlayTasks\0\Graj.lnk
C:\Users\Julia\Documents\Euro Truck Simulator 2\readme.rtf.lnk
C:\Users\Julia\Desktop\Inne pliki\Adobe Reader X.lnk
C:\Users\Julia\Desktop\Inne pliki\Avast Free Antivirus.lnk
C:\Users\Julia\Desktop\Inne pliki\Evolve.lnk
C:\Users\Julia\Desktop\Inne pliki\Facebook.lnk
C:\Users\Julia\Desktop\Inne pliki\McAfee Security Scan Plus.lnk
C:\Users\Julia\Desktop\Inne pliki\Mozilla Firefox.lnk
C:\Users\Julia\Desktop\Inne pliki\True Key.lnk
C:\Users\Julia\Desktop\Gry\Euro Truck Simulator 2.lnk
C:\Users\Julia\Desktop\Gry\Star Wars - The Old Republic.lnk
C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total War Arena\Total War Arena.lnk
C:\Users\Julia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Total War Arena.lnk
CMD: dir /a "C:\Users\Julia\AppData\Local\"
CMD: dir /a "C:\Program Files (x86)"