CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1924779636-1405335949-1907974575-1000\...\MountPoints2: {29f208cc-0bc7-11e6-b9aa-806e6f6e6963} - G:\autorun.exe
HKU\S-1-5-21-1924779636-1405335949-1907974575-1000\...\MountPoints2: {c22a4c4c-0584-11e6-b1c1-d43d7e4b6393} - F:\autorun.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
FF HKLM\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF => nie znaleziono
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
CHR HomePage: Default -> file:///C:/Users/HSM/Desktop/SklepSH/Lisner
CHR StartupUrls: Default -> "hxxp://search.gboxapp.com/","hxxp://www.hohosearch.com/?mode=nnnb&ptid=icb&uid=6321F8BD926ED11579DC224C58749ACD&v=20160415&ts=AHEqA3UnAn4sAE.."
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [emhginjpijfggbofeediiojmdlmlkoik] - C:\Program Files\AVAST Software\Avast\pam\Chrome\pam.crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Task: {95E04497-2CFC-45E3-B2FD-70FBE1D009FE} - System32\Tasks\{6374FAAB-43CC-47C5-AA3D-B2207A476EF9} => C:\Windows\system32\pcalua.exe -a C:\Users\HSM\Downloads\STOPzillaPRO_Downloader.exe -d C:\Users\HSM\Downloads
Task: {B7D393A6-F708-4C83-9958-98AAF70DA8B8} - System32\Tasks\{7E11CC2C-5E02-4BF1-A103-86BEB81B937A} => C:\Windows\system32\pcalua.exe -a C:\Users\HSM\Desktop\MaSzyna_08_13\RAINSTED.exe -d C:\Users\HSM\Desktop\MaSzyna_08_13
Task: {C4C0E1EB-30DC-4488-AFF2-A58CE9EA271A} - System32\Tasks\{7D1538C1-7DC8-4307-81CD-6B1E455B485E} => C:\Windows\system32\pcalua.exe -a "C:\Users\HSM\Downloads\DAMN_NFO_Viewer[www.instalki.pl] (1).exe" -d C:\Users\HSM\Downloads
RemoveDirectory: C:\Program Files (x86)\UniDeaLsi
RemoveDirectory: C:\Program Files (x86)\youtubeadblocker
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay\eBay Turbo Lister 2.lnk
C:\ProgramData\Microsoft\Windows\GameExplorer\{BBC27A87-A956-423B-9354-1A57D11F95D6}\PlayTasks\0\Play.lnk
C:\ProgramData\Microsoft\Windows\GameExplorer\{7669D9E8-7E65-4FEE-AE68-1170B0787A01}\PlayTasks\0\Play.lnk
C:\ProgramData\Microsoft\Windows\GameExplorer\{0225C058-7120-41CB-B1F5-1DF06BFA9F56}\PlayTasks\0\Play.lnk
C:\Users\HSM\Desktop\Skróty\Ashampoo Movie Studio Pro 2.lnk
C:\Users\HSM\Desktop\Skróty\eBay Turbo Lister 2.lnk
C:\Users\HSM\Desktop\Skróty\Router Wi-Fi Movil.lnk
C:\Users\HSM\Desktop\Skróty\WYSIWYG Web Builder 12.lnk
C:\Users\HSM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay Turbo Lister 2.lnk
C:\Users\HSM\AppData\Roaming\Adobe\Workflow\working.lnk
C:\Users\HSM\AppData\Roaming\Adobe\Workflow\workinghidden.lnk
EmptyTemp:
CMD: ipconfig /flushdns
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}