CloseProcesses: CreateRestorePoint: HKU\S-1-5-21-861925037-29683946-2397884485-1001\...\Policies\Explorer: [] HKU\S-1-5-21-861925037-29683946-2397884485-1001\...\MountPoints2: {3a1b8ce2-bdb0-11e7-825f-201a06715d41} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-861925037-29683946-2397884485-1001\...\MountPoints2: {3a1b8cfd-bdb0-11e7-825f-201a06715d41} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-861925037-29683946-2397884485-1001\...\MountPoints2: {3a1b8d73-bdb0-11e7-825f-201a06715d41} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-861925037-29683946-2397884485-1001\...\MountPoints2: {3a1b8d7b-bdb0-11e7-825f-201a06715d41} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-861925037-29683946-2397884485-1001\...\MountPoints2: {d1ab990d-0223-11e8-829b-201a06715d41} - "E:\LaunchU3.exe" -a HKU\S-1-5-21-861925037-29683946-2397884485-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.pl/ HKU\S-1-5-21-861925037-29683946-2397884485-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-861925037-29683946-2397884485-1001 -> DefaultScope {7C945DB7-1340-45F2-A408-FA0824B8CF3B} URL = CustomCLSID: HKU\S-1-5-21-861925037-29683946-2397884485-1001_Classes\CLSID\{49E0BE0A-39E0-4932-B7BE-F249D56ACD31}\InprocServer32 -> csp16.dll => Brak pliku ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku Task: C:\Windows\Tasks\Connect.job => C:\Program Files (x86)\MAGIX\Connect\connect.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk C:\ProgramData\Microsoft\Windows\GameExplorer\{1447c6c0-8a7b-4b3f-a3b2-cbc9cb3ff16d}\PlayTasks\0\Aloha TriPeaks.lnk C:\Users\kuba\AppData\Local\Microsoft\Windows\GameExplorer\{1447c6c0-8a7b-4b3f-a3b2-cbc9cb3ff16d}\PlayTasks\0\Aloha TriPeaks.lnk C:\Users\kuba\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Calendar.lnk C:\Users\kuba\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Mail.lnk C:\Users\kuba\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.People.lnk C:\Users\kuba\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Studios.PinballFx2_8wekyb3d8bbwe\App.lnk C:\Users\kuba\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingWeather_8wekyb3d8bbwe\App.lnk C:\Users\kuba\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingTravel_8wekyb3d8bbwe\AppexTravel.lnk C:\Users\kuba\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingMaps_8wekyb3d8bbwe\AppexMaps.lnk C:\Users\kuba\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe\AppexFinance.lnk Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} EmptyTemp: