CloseProcesses:
CreateRestorePoint:
EmptyTemp:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Brak pliku
Task: {4C7AD94F-1C78-40F3-ACBA-7341262A5EB8} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
AlternateDataStreams: C:\ProgramData\TEMP:6BE50C2B [464]
FirewallRules: [UDP Query User{33CE424E-87D5-4EBA-80D5-992167B8CA7E}C:\program files (x86)\ubisoft\heroes of might and magic iii\heroes3.exe] => (Allow) C:\program files (x86)\ubisoft\heroes of might and magic iii\heroes3.exe Brak pliku
FirewallRules: [TCP Query User{757F92AD-A709-42ED-86BC-BBAD7DC070F2}C:\program files (x86)\ubisoft\heroes of might and magic iii\heroes3.exe] => (Allow) C:\program files (x86)\ubisoft\heroes of might and magic iii\heroes3.exe Brak pliku
FirewallRules: [{CF49484D-9EF3-49CF-9AEA-B07BAF082BA3}] => (Allow) LPort=5000
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
HKU\S-1-5-21-55963522-1064848890-21313104-1001\...\Policies\Explorer: [] 
Tcpip\..\Interfaces\{0f80cba7-757c-42d5-b19a-c2d28e40d34e}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{c54c98df-e24e-4af6-85a7-1b8b9934cc53}: [DhcpNameServer] 192.168.1.1
HKU\S-1-5-21-55963522-1064848890-21313104-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ_mSBpKrSMQZAgUZmw-oqZNGFB-vTDYqvwYNbIA5GpdsYXt8eoU035_Z4ZKg2AJh4snxBmi4fSHRMZQzxyatn_sq7Cf3j_xrQ0j1f-12GivPii-TlgN3ywaTmp94mbouh0J-cFSJx9co9HR9Kp0QDrWirYJA,,&q={searchTerms}
HKU\S-1-5-21-55963522-1064848890-21313104-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ_mSBpKrSMQZAgUZmw-oqZNGFB-vTDYqvwYNbIA5GpdsYXt8eoU035_Z4ZKg2AJh4gvjl2BLocBc35fHTkqdKvIqpGgdFAqhPifRO6hT29u5U9uGCjT1EDnRsS3LMGPcpo_Oki_4TscYM0Yu_BGp2zqq1Yng,,
SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
FF Homepage: Mozilla\Firefox\Profiles\qke2qglx.default -> file:///C:/ProgramData/Quoteexs/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\qke2qglx.default -> file:///C:/ProgramData/Quoteexs/ff.NT
CHR StartupUrls: Default -> "hxxps://cargotycoon.pl/sign-in","hxxps://usunwirusa.pl/wirus-search-safefinder-info-virus/","chrome://newtab/"
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
2016-11-18 15:36 - 2019-02-17 18:29 - 000000184 _____ () C:\Users\Dawid\AppData\Roaming\sp_data.sys
2019-02-10 09:09 - 2019-02-10 09:09 - 007881728 _____ () C:\Users\Dawid\AppData\Local\agent.dat
2019-02-10 09:08 - 2019-02-10 09:08 - 000140800 _____ () C:\Users\Dawid\AppData\Local\installer.dat
2019-02-10 09:09 - 2019-02-10 09:09 - 000005568 _____ () C:\Users\Dawid\AppData\Local\md.xml
2019-02-10 09:09 - 2019-02-10 09:09 - 000126464 _____ () C:\Users\Dawid\AppData\Local\noah.dat
2019-02-10 09:08 - 2019-02-10 09:09 - 000722944 _____ () C:\Users\Dawid\AppData\Local\sham.db
2019-02-10 09:09 - 2019-02-10 09:09 - 000032038 _____ () C:\Users\Dawid\AppData\Local\uninstall_temp.ico
2019-02-10 09:09 - 2019-02-10 09:09 - 002038046 _____ () C:\Users\Dawid\AppData\Local\Voltfax.tst
RemoveProxy: