CloseProcesses:
CreateRestorePoint:
EmptyTemp:
YoutubeAdBlock (HKLM-x32\...\1655C0CA-7AE7-4012-8502-970C8675E5F8) (Version: 2.0.0.731 - Company Inc.) <==== UWAGA
Task: {0B050E46-1144-422E-B32B-6BC25AE281F2} - System32\Tasks\iYMvCriySoqaGgPjbmR2 => rundll32 "C:\Program Files (x86)\qUgzYKxVLnesC\tyCQOiq.dll",#1
Task: {3DB247A6-C17F-4DBC-8470-3C0D4A6442B6} - System32\Tasks\DvwLFWwXutwLxJgmB2 => rundll32 "C:\Program Files (x86)\ooxzIAzTqruiVIszQdR\ghCRBSU.dll",#1
Task: {562CFE1B-A5B8-452E-8594-EE72971E4EBC} - System32\Tasks\mMzvDpxKxjJVUr => rundll32 "C:\Program Files (x86)\hUmbquBpttZU2\mCarNoIshCzOE.dll",#1
Task: {C32573C0-AB21-4643-8F36-D976B0D5652E} - System32\Tasks\SOVqgpLsuXhFCxp2 => rundll32 "C:\Program Files (x86)\fHDlqDVwU\CrosCO.dll",#1
Task: {CAED874C-BEC1-40DC-8F96-6FF512157F40} - System32\Tasks\UXshqEpiPQcXH2 => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\BuHcEEPgNwocAWVB\WJksGPy.wsf"
2018-12-31 12:47 - 2018-12-31 12:47 - 000084992 _____ () C:\Users\pio-t\AppData\Local\NtvHost\L.dll
AlternateDataStreams: C:\Users\pio-t\AppData\Local\Temp:$DATA [16]
FirewallRules: [{9A3B06CB-20BB-4F7F-9D19-8C301BBA9835}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe Brak pliku
FirewallRules: [{DBCC4846-78E1-461E-A33A-36392CFB029A}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe Brak pliku
FirewallRules: [{45F76120-F62C-451B-94CC-D144C48273A9}] => (Allow) D:\Steam\steamapps\common\Dishonored RHCP\Binaries\Win32\Dishonored.exe Brak pliku
FirewallRules: [{E9487F46-940E-4F1E-B501-1E224E88BB4B}] => (Allow) D:\Steam\steamapps\common\Dishonored RHCP\Binaries\Win32\Dishonored.exe Brak pliku
(CloudBees, Inc.) C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe
(CloudBees, Inc.) C:\Users\pio-t\AppData\Local\NtvHost\syssvc.exe
(Google Chrome) C:\Users\pio-t\AppData\Local\NtvHost\native.exe
HKLM\...\RunOnce: [OMEWPRODUCT_] => C:\Program Files\Windows Photo Viewer\50PK9ABAW0MFBZVDURDH6XZSY7VG45H\xu3D5Vp&M3.exe [93184 2018-12-30] () <==== UWAGA
HKLM\...\RunOnce: [kuqlukp2ccz] => C:\Program Files (x86)\XWX\208811345.exe [664576 2018-12-30] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1038210768-1225489226-4047529083-1001\...\Run: [小米云服务] => C:\Users\pio-t\AppData\Local\MiCloudPC\update.exe [1524136 2017-11-23] (GitHub)
HKU\S-1-5-21-1038210768-1225489226-4047529083-1001\...\Run: [gF4YC8f--C.exe] => C:\Program Files\Windows Photo Viewer\50PK9ABAW0MFBZVDURDH6XZSY7VG45H\gF4YC8f--C.exe [364032 2018-12-30] ()
HKU\S-1-5-21-1038210768-1225489226-4047529083-1001\...\Run: [8327682] => C:\Users\pio-t\AppData\Roaming\4gpz5hav5it\bkdegjeuuwh.exe [1499852 2018-12-30] ( )
HKU\S-1-5-21-1038210768-1225489226-4047529083-1001\...\Run: [3470194] => C:\Users\pio-t\AppData\Roaming\jfqdus4jfjl\5whb3dwfyjw.exe [1499852 2018-12-30] ( )
HKU\S-1-5-21-1038210768-1225489226-4047529083-1001\...\Run: [5146912] => C:\Users\pio-t\AppData\Roaming\hqmuwfrrdzt\43cxkrqc4kd.exe [1499852 2018-12-31] ( )
HKU\S-1-5-21-1038210768-1225489226-4047529083-1001\...\Run: [4937690] => C:\Users\pio-t\AppData\Roaming\uvybocc1jsl\mifa0dxcxlf.exe [1262629 2018-12-31] ( )
HKU\S-1-5-21-1038210768-1225489226-4047529083-1001\...\Run: [9719522] => C:\Users\pio-t\AppData\Roaming\4twqfqmp11p\h2ofqliolo2.exe [1262629 2018-12-31] ( )
HKU\S-1-5-21-1038210768-1225489226-4047529083-1001\...\Run: [2186631] => C:\Users\pio-t\AppData\Roaming\pauaed1harl\umncn10as5c.exe [1262629 2018-12-31] ( )
HKU\S-1-5-21-1038210768-1225489226-4047529083-1001\...\Run: [3079923] => C:\Users\pio-t\AppData\Roaming\u5kgazjmlht\demzr5lrhsq.exe [1262629 2018-12-31] ( )
HKU\S-1-5-21-1038210768-1225489226-4047529083-1001\...\Run: [5838356] => C:\Users\pio-t\AppData\Roaming\dgy2152astv\heqkoqc5irm.exe [1262629 2018-12-31] ( )
HKU\S-1-5-21-1038210768-1225489226-4047529083-1001\...\MountPoints2: {29448b97-e291-11e8-9b73-6245b4f6cc6f} - "J:\setup.exe"
HKU\S-1-5-21-1038210768-1225489226-4047529083-1001\...\Winlogon: [Shell] %comspec% <==== UWAGA
HKU\S-1-5-21-1038210768-1225489226-4047529083-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\pio-t\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\pio-t\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== UWAGA
AppInit_DLLs: C:\ProgramData\Voyasollam\Bluephase.dll => Brak pliku
AppInit_DLLs-x32: C:\ProgramData\Voyasollam\Faxdom.dll => Brak pliku
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
BHO: YoutubeAdBlock -> {984AFA40-4BEC-457F-AEDE-FE3404A646FA} -> C:\Program Files (x86)\VKkhWVSisIE\tKUMtRv8K.dll [2018-12-31] ()
BHO-x32: YoutubeAdBlock -> {984AFA40-4BEC-457F-AEDE-FE3404A646FA} -> C:\Program Files (x86)\VKkhWVSisIE\kzyJBgqB.dll [2018-12-31] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [Brak pliku]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [Brak pliku]
CHR Extension: (Adblocker for Youtube™) - C:\Users\pio-t\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjokomechjchekkcnccjpmgakmjgoaom [2018-12-31] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
CHR Extension: (Google Slides Offline) - C:\Users\pio-t\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkegldnjiebaagebdcoglmebpgbaljdn [2018-12-31] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
R2 EventSvc; C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe [360448 2018-07-24] (CloudBees, Inc.) [Brak podpisu cyfrowego] <==== UWAGA
R2 PowerSvc; C:\ProgramData\Microsoft\Windows\Power\PowerSvc.exe [6406448 2018-12-31] () [Brak podpisu cyfrowego] <==== UWAGA
R2 SysSvc; C:\Users\pio-t\AppData\Local\NtvHost\syssvc.exe [360448 2018-12-31] (CloudBees, Inc.) [Brak podpisu cyfrowego] <==== UWAGA
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 MSICDSetup; \??\G:\CDriver.sys [X]
2018-12-31 12:46 - 2018-12-31 12:50 - 000000000 ____D C:\Users\pio-t\AppData\Local\NtvHost
2018-12-31 12:46 - 2018-12-31 12:46 - 000000000 ____D C:\Program Files\KDLRADO27J
2018-12-31 12:46 - 2018-12-31 12:46 - 000000000 ____D C:\Program Files (x86)\VKkhWVSisIE
2018-12-31 12:46 - 2018-12-31 12:46 - 000000000 ____D C:\Program Files (x86)\qUgzYKxVLnesC
2018-12-31 12:46 - 2018-12-31 12:46 - 000000000 ____D C:\Program Files (x86)\ooxzIAzTqruiVIszQdR
2018-12-31 12:46 - 2018-12-31 12:46 - 000000000 ____D C:\Program Files (x86)\hUmbquBpttZU2
2018-12-31 12:46 - 2018-12-31 12:46 - 000000000 ____D C:\Program Files (x86)\fHDlqDVwU
2018-12-31 12:43 - 2018-12-31 12:43 - 000000000 ____D C:\Program Files\M7QMPVA5OR
2018-12-31 12:39 - 2018-12-31 12:39 - 000000000 ____D C:\Program Files\YYOD7I8PO6
2018-12-31 00:21 - 2018-12-31 00:21 - 000000000 ____D C:\Program Files\R9AZ9HOK2E
2018-12-30 23:35 - 2018-12-30 23:35 - 000000266 __RSH C:\Users\pio-t\ntuser.pol
2018-12-31 12:46 - 2018-08-25 09:17 - 000003410 __RSH C:\ProgramData\ntuser.pol
C:\Program Files\Windows Photo Viewer\50PK9ABAW0MFBZVDURDH6XZSY7VG45H\xu3D5Vp&M3.exe