CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
Tcpip\..\Interfaces\{10BA1022-7ADD-45D2-9015-5370851CA792}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{A82676F9-D3B9-4A1F-9A2D-0B17C1D83299}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{A82676F9-D3B9-4A1F-9A2D-0B17C1D83299}: [DhcpNameServer] 192.168.1.1
SearchScopes: HKLM -> Google URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}\
SearchScopes: HKLM -> Wikipedia URL = hxxp://ru.wikipedia.org/wiki/{searchTerms}\
SearchScopes: HKLM -> Yahoo URL = hxxp://ru.search.yahoo.com/search?p={searchTerms}\
SearchScopes: HKLM -> Yandex URL = hxxp://www.yandex.ru/yandsearch?stype=&nl=0&text={searchTerms}\
SearchScopes: HKU\S-1-5-21-1387484163-1762537740-553820101-1000 -> DefaultScope {97ED1C83-B720-415B-8A20-AAE84F23A83F} URL = hxxp://www.nav-pl.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1387484163-1762537740-553820101-1000 -> Google URL =
SearchScopes: HKU\S-1-5-21-1387484163-1762537740-553820101-1000 -> Wikipedia URL =
SearchScopes: HKU\S-1-5-21-1387484163-1762537740-553820101-1000 -> {97ED1C83-B720-415B-8A20-AAE84F23A83F} URL = hxxp://www.nav-pl.com/search?q={searchTerms}
BHO: Brak nazwy -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Brak pliku
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Brak pliku
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [Brak pliku]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S3 catchme; \??\C:\Users\Ania\AppData\Local\Temp\catchme.sys [X] <==== UWAGA
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
2019-01-07 13:55 - 2019-01-07 13:55 - 004402984 _____ (Microsoft Corporation) C:\Users\Ania\Microsoft PowerPoint 2007.exe
2018-08-17 18:47 - 2018-08-17 18:47 - 000000000 _____ () C:\Users\Ania\AppData\Local\{31A9DCA7-B9AF-40D1-8EFE-89C0D750D2C2}
2014-06-26 20:59 - 2014-06-26 20:59 - 000000000 _____ () C:\Users\Ania\AppData\Local\{A6A61490-5921-4832-B799-840C9E7E53B3}
2018-08-17 18:47 - 2018-08-17 18:47 - 000000000 _____ () C:\Users\Ania\AppData\Local\{AC9E5579-7925-4C2D-AE3D-97D38F90A0E0}
2018-08-17 18:47 - 2018-08-17 18:47 - 000000000 _____ () C:\Users\Ania\AppData\Local\{BADE3E90-CF2C-4C6C-9862-CBA7046B800B}
Task: {0997DBFC-8E1C-4735-96C7-E9CCDB95E594} - System32\Tasks\Facebook1 => C:\Program Files\Internet Explorer\IEXPLORE.EXE hxxps://www.facebook.com/campaign/landing.php?campaign_id=572665646222743&keyword=PjWnQnsfhjoOaoZPfxnzR39q9E9tL6cLdm7zTnJs8k98bfBKfm3wS3hk5RAtOqYNdhqiHC4%2BrBAgA5QaKT2zD20%2FsRx4bv5NeG3wTHxp9El%2B%2FlEAAABLXMN%2F&extra_2=PL&placement=100&creative=webApp
Task: {9702B199-A094-40CE-8714-403EA6940414} - System32\Tasks\Goodgame Empire1 => C:\Users\Ania\AppData\Local\Chromium\Application\chrome.exe --app=hxxps://empire.goodgamestudios.com/?w=385692 --app-window-size=1366,768
Task: {D02B0970-0BB7-4DB5-BFDD-060597D4EEC7} - System32\Tasks\WarThunder3 => C:\Program Files\Google\Chrome\Application\chrome.exe --app=hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=2&aff_sub2=va2INcjYiiEC5qis1Iudj6QKHaiphLsja8Rvo2sQb7bqFyis3flJod7ipJgAAAI3uzXAie&click_id=5c77286cc2a880e79b328d9239c6b8872f9ace48 --app-window-size=1366,768 <==== UWAGA
Task: {D6BA9FA5-7ADF-4FD7-9F13-57C3BEC04905} - System32\Tasks\WarThunder2 => C:\Program Files\Google\Chrome\Application\chrome.exe --app=hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=2&aff_sub2=va2INcjYiiEC5qis1Iudj6QKHaiphLsja8Rvo2sQb7bqFyis3flJod7ipJgAAAI3uzXAie&click_id=5c77286cc2a880e79b328d9239c6b8872f9ace48 --app-window-size=1366,768 <==== UWAGA
FirewallRules: [{3D52E179-FB9C-44BC-B687-D8BB137A209F}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
FirewallRules: [{A9930B20-764F-4530-B9FB-4611E478CB23}] => (Allow) LPort=49166
FirewallRules: [{A093B389-CAA2-4B0F-8BE3-33EC88AD9364}] => (Allow) LPort=5000
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Sunrise Seven.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Co nowego w ostatniej wersji.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Podręcznik RARa dla konsoli.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R\R i386 3.3.2.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk
C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Co nowego w ostatniej wersji.lnk
C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Podręcznik RARa dla konsoli.lnk
C:\Users\Ania\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk
RemoveProxy:
CMD: ipconfig /flushdns