CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3957646813-908878922-1319041967-1001\...\Run: [] => [X]
HKU\S-1-5-21-3957646813-908878922-1319041967-1001\...\Run: [Sys32] => [X]
HKU\S-1-5-21-3957646813-908878922-1319041967-1001\...\Run: [Sys32V] => C:\Windows\Sys32V.exe [262144 2016-04-17] (AHMED CORPORATION)
HKU\S-1-5-21-3957646813-908878922-1319041967-1001\...\MountPoints2: {0fbed472-eac5-11e6-9949-a01d48b0c8e3} - G:\autorun.exe
HKU\S-1-5-21-3957646813-908878922-1319041967-1001\...\MountPoints2: {44f12277-ebaa-11e6-81f4-a01d48b0c8e3} - H:\autorun.exe
HKU\S-1-5-21-3957646813-908878922-1319041967-1001\...\MountPoints2: {79752d37-ef60-11e6-a3ff-a01d48b0c8e3} - I:\setup.exe
HKU\S-1-5-21-3957646813-908878922-1319041967-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
Tcpip\..\Interfaces\{75B8F11E-6488-45F1-9908-61DAEA0DF8DA}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9510BCB5-4E09-46B0-B53C-66599C8ACA2E}: [DhcpNameServer] 89.231.1.206 217.172.224.160
Tcpip\..\Interfaces\{CE9458F3-DF42-49FF-9CDB-5F7525271797}: [DhcpNameServer] 192.168.0.1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=181&d=20140923
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=181&d=20140923
SearchScopes: HKU\S-1-5-21-3957646813-908878922-1319041967-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://pl.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10195_swoc_campaign_160209__yaie&p={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin HKU\S-1-5-21-3957646813-908878922-1319041967-1001: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll [Brak pliku]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\dpchrome.crx [2013-08-06]
S3 ALSysIO; \??\C:\Users\Paulina\AppData\Local\Temp\ALSysIO64.sys [X] <==== UWAGA
S2 npf; \??\C:\Windows\system32\drivers\npf.sys [X]
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> Brak pliku
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> Brak pliku
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> Brak pliku
Task: {BA7A003E-6357-48B1-A470-2800606C6013} - System32\Tasks\{DD991C58-B725-44DB-8CCE-4700788951F1} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}\Sims3EP07Setup.exe" -c -runfromtemp -l0x0015 -removeonly
C:\Users\Paulina\Desktop\Pliki od HP\Box offer for HP.lnk
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3957646813-908878922-1319041967-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3957646813-908878922-1319041967-1001\...\webcompanion.com -> hxxp://webcompanion.com
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 3\Plik Przeczytaj.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 3\Pomoc techniczna.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 3\The Sims 3.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 3\Umowa użytkownika The Sims 3.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks\Uninstall Lightworks.lnk
C:\Users\Paulina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games\Virtual Villagers 2\Play Virtual Villagers 2.lnk
CMD: ipconfig /flushdns
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}