CloseProcesses: CreateRestorePoint: EmptyTemp: VirusTotal: C:\Users\Czechu\AppData\Roaming\kUIDi.exe VirusTotal: C:\Users\Czechu\AppData\Local\IUVHXR.exe HKU\S-1-5-21-3555358023-88972687-1571437051-1000\...\MountPoints2: {0dc186fa-29e0-11e8-b274-d43d7eb58242} - F:\LaunchU3.exe -a HKU\S-1-5-21-3555358023-88972687-1571437051-1000\...\MountPoints2: {c48d2ee7-34d7-11e8-a4b9-d43d7eb58242} - H:\HiSuiteDownLoader.exe ShortcutTarget: Wysyłanie do programu OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Brak pliku) CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx U3 aswbdisk; Brak ImagePath S3 VGPU; System32\drivers\rdvgkmd.sys [X] 2009-07-14 03:14 - 2009-07-14 03:14 - 000073216 ____N (Microsoft Corporation) C:\Users\Czechu\AppData\Roaming\kUIDi.exe 2009-07-14 03:14 - 2009-07-14 03:14 - 000186368 ____N (Microsoft Corporation) C:\Users\Czechu\AppData\Roaming\wYOrcuvaCi.exe 2009-07-14 03:14 - 2009-07-14 03:14 - 000073216 ____N (Microsoft Corporation) C:\Users\Czechu\AppData\Local\IUVHXR.exe ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku Task: {3A6D6BB0-E7A7-4B47-B1B8-98223ED4F8F1} - System32\Tasks\{6F52DC6F-0B79-407B-AEC5-F772A0167450} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\ Task: {AC325AA8-16E4-4C1B-9C15-CBB627A18925} - System32\Tasks\{699A13EA-880E-4A62-96B8-07FB00350EC8} => C:\Windows\system32\pcalua.exe -a "D:\Program Files (x86)\Deluxe Ski Jump 4\Setup.exe" -d "D:\Program Files (x86)\Deluxe Ski Jump 4" Task: {FCF8B1FC-75AF-4C00-95F1-5D97830F72DE} - System32\Tasks\{059748B7-8D11-4CD7-A79C-9FFBD77F39AC} => C:\Users\Czechu\AppData\Roaming\kUIDi.exe [2009-07-14] (Microsoft Corporation) <==== UWAGA AlternateDataStreams: C:\Users\Public\AppData:CSM [464] FirewallRules: [{F151B55E-E05F-4747-AADF-854BF6BA99A9}] => (Allow) C:\Users\Czechu\AppData\Roaming\kUIDi.exe FirewallRules: [{7CB47AAF-9259-4A46-85F8-6F697D0607F5}] => (Allow) C:\Users\Czechu\AppData\Local\IUVHXR.exe CMD: dir /a "C:\Users\Czechu\AppData\Roaming" CMD: dir /a "C:\Users\Czechu\AppData\Local"