CloseProcesses:
CreateRestorePoint:
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3864108792-3241854129-238959929-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3864108792-3241854129-238959929-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3864108792-3241854129-238959929-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3864108792-3241854129-238959929-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3864108792-3241854129-238959929-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://windowsmx.pl/Win7_by_MalcolmX
HKU\S-1-5-21-3864108792-3241854129-238959929-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3864108792-3241854129-238959929-1000 -> DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-3864108792-3241854129-238959929-1000 -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
CHR HomePage: Default -> hxxp://www.google.pl/
CHR StartupUrls: Default -> "hxxps://www.google.pl/"
CHR Session Restore: Default -> [funkcja włączona]
CHR HKLM\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
S3 catchme; \??\C:\Users\Asia\AppData\Local\Temp\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
R1 ESProtectionDriver; \??\C:\Windows\system32\drivers\mbae.sys [X]
R2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
S3 MBAMFarflt; system32\DRIVERS\farflt.sys [X]
S3 MBAMProtection; system32\DRIVERS\mbam.sys [X]
S3 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys [X]
S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2018-01-27 15:12 - 2018-01-27 15:12 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-26 19:42 - 2018-01-27 10:04 - 000000000 ____D C:\AdwCleaner
Replace: C:\Windows\SysWOW64\explorer.exe C:\Windows\explorer.exe
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp: