CloseProcesses:
CreateRestorePoint:
C:\Users\omeni\Downloads\pqwv6me2.exe
Tcpip\..\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{816aa0c6-7940-4bd6-a2a3-a5eca77f2fa3}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{816aa0c6-7940-4bd6-a2a3-a5eca77f2fa3}: [DhcpNameServer] 185.138.236.105 192.168.0.1
Tcpip\..\Interfaces\{91bacc1e-725b-4151-aa9d-155061134395}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a73f576c-4f86-4b85-877e-c100f61354e2}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b3e804d7-6b02-4130-9219-c8e3a748adb0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b6e27a25-e850-4b88-85b7-01af13c62cfa}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{cfc0601f-3644-4289-a2c3-3415178a1f85}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{cfc0601f-3644-4289-a2c3-3415178a1f85}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{e750d940-e8d9-4587-baa9-464f3541d282}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{e8fc7d43-d60a-11e7-8923-806e6f6e6963}: [NameServer] 8.8.8.8
HKU\S-1-5-21-3871418032-1596037261-330858894-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-3871418032-1596037261-330858894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02072018185917753\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3871418032-1596037261-330858894-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
SearchScopes: HKU\S-1-5-21-3871418032-1596037261-330858894-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3871418032-1596037261-330858894-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.pl/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3871418032-1596037261-330858894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02072018185917753 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
SearchScopes: HKU\S-1-5-21-3871418032-1596037261-330858894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02072018185917753 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3871418032-1596037261-330858894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02072018185917753 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.pl/search?q={searchTerms}
CHR HKU\S-1-5-21-3871418032-1596037261-330858894-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3871418032-1596037261-330858894-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3871418032-1596037261-330858894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02072018185917753\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3871418032-1596037261-330858894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02072018185917753\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
U3 awadiaog; C:\Users\omeni\AppData\Local\Temp\awadiaog.sys [56584 2018-02-07] (GMER) [No digital signature] <==== ATTENTION
2018-02-07 16:28 - 2018-02-07 17:50 - 000000000 ____D C:\Users\omeni\AppData\Local\yc
ContextMenuHandlers1: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [AccExt] -> [CC]{2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => -> No File
ContextMenuHandlers4: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {41356C36-FA66-4678-97B8-D02D29462859} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DFAEDA23-517E-4C46-88C2-4CA9169F1876} - System32\Tasks\Driver Booster SkipUAC (omenik92) => C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe
2018-02-07 19:05 - 2018-02-07 19:06 - 000380928 _____ () C:\Users\omeni\Downloads\pqwv6me2.exe
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [432]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [432]
HKU\S-1-5-21-3871418032-1596037261-330858894-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
IE trusted site: HKU\S-1-5-21-3871418032-1596037261-330858894-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3871418032-1596037261-330858894-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3871418032-1596037261-330858894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02072018185917753\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3871418032-1596037261-330858894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02072018185917753\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{2A88E49E-FA1F-4338-8106-5D88A8242B1A}] => (Allow) C:\Users\omeni\AppData\Local\yc\Application\yc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transformers Fall of Cybertron\Transformers Fall of Cybertron.lnk C:\Program Files (x86)\Transformers Fall of Cybertron\Binaries\TFOC.exe (No File)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transformers Fall of Cybertron\Uninstall Game.lnk C:\Program Files (x86)\Transformers Fall of Cybertron\unins000.exe (No File)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Native Instruments Homepage.lnk C:\WINDOWS\Installer\{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}\et20Explorer5ciexplore.exe0.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Massive\Native Instruments Homepage.lnk C:\WINDOWS\Installer\{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}\et20Explorer5ciexplore.exe0.ico (No File)
C:\Users\omeni\OneDrive\Dokumenty\Euro Truck Simulator 2\readme.rtf.lnk C:\2-click run\Euro Truck Simulator 2 v1.22.1.1s (29 DLC)\readme.rtf (No File)
C:\Users\omeni\OneDrive\Dokumenty\American Truck Simulator\readme.rtf.lnk C:\Program Files (x86)\American Truck Simulator\readme.rtf (No File)
EmptyTemp:
Hosts:
netsh advfirewall reset
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
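The following post-fix verification script is an added example, not part of the fixlist above and not an FRST feature. It re-checks, from an ordinary PowerShell session, every item the fixlist touches: the static NameServer values on the Tcpip interfaces, the per-user regfile association override, the dropped files, the NT/NT2 alternate data streams, the registry-installed Chrome extensions, the IE trusted sites, the SkipUAC task and the firewall allow rule for yc.exe. It assumes an elevated PowerShell 3 or later session running as the affected user (so HKCU: is the S-1-5-21-...-1001 hive), and Get-ScheduledTask, which exists on Windows 8 / Server 2012 and later; every path, GUID and key name comes from the fixlist, and the "off-LAN" DHCP resolver check is only a prompt to review the router's DNS settings, not a verdict.

```powershell
# Post-fix verification for the FRST fixlist above. Added example; not FRST code.
# Assumes: elevated PowerShell 3+, run as the affected user (HKCU: = the -1001 hive),
# Windows 8+ for Get-ScheduledTask. All paths/GUIDs/key names are taken from the fixlist.

$findings = New-Object System.Collections.Generic.List[string]
function Add-Finding([string]$Message) { $findings.Add($Message) }

# 1. Static NameServer values on every Tcpip interface should be gone. DhcpNameServer is
#    what the DHCP server (usually the router) handed out; a non-RFC1918 address there only
#    means the router's DNS settings deserve a look, it is not proof of tampering.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
foreach ($if in Get-ChildItem -Path $ifRoot) {
    $p = Get-ItemProperty -Path $if.PSPath
    if ($p.NameServer) {
        Add-Finding "static NameServer still set on $($if.PSChildName): $($p.NameServer)"
    }
    if ($p.DhcpNameServer) {
        $offLan = $p.DhcpNameServer -split ' ' | Where-Object {
            $_ -notmatch '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'
        }
        if ($offLan) {
            Add-Finding "DHCP-assigned DNS on $($if.PSChildName) includes $($offLan -join ', ') (review the router's DNS settings)"
        }
    }
}

# 2. A per-user regfile key under HKCU\Software\Classes shadows the HKLM definition of what
#    happens when a .reg file is opened; after the fix it must not exist.
if (Test-Path -Path 'HKCU:\Software\Classes\regfile') {
    Add-Finding 'HKCU\Software\Classes\regfile still present'
}

# 3. Files and folders the fixlist deletes (dropper, GMER driver, yc folder).
foreach ($path in @(
        "$env:USERPROFILE\Downloads\pqwv6me2.exe",
        "$env:LOCALAPPDATA\Temp\awadiaog.sys",
        "$env:LOCALAPPDATA\yc")) {
    if (Test-Path -LiteralPath $path) { Add-Finding "still on disk: $path" }
}

# 4. The NT / NT2 alternate data streams on the two ProgramData folders.
foreach ($dir in @('C:\ProgramData\Application Data', 'C:\ProgramData\MTA San Andreas All')) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-Item -LiteralPath $dir -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { Add-Finding "ADS left on ${dir}: $($_.Stream) [$($_.Length) bytes]" }
}

# 5. Registry-installed Chrome extensions, IE trusted-site entries and the SkipUAC task.
foreach ($id in 'efaidnbmnnnibpcajpcglclefindmkaj', 'lmjegmlicamnimmfhcmpkclmigmmcbeh') {
    if (Test-Path -Path "HKCU:\SOFTWARE\Google\Chrome\Extensions\$id") {
        Add-Finding "Chrome extension still registered in HKCU: $id"
    }
}
$zoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
foreach ($site in 'webcompanion.com', 'localhost') {
    if (Test-Path -Path "$zoneMap\$site") { Add-Finding "IE trusted site still present: $site" }
}
if (Get-ScheduledTask -TaskName 'Driver Booster SkipUAC (omenik92)' -ErrorAction SilentlyContinue) {
    Add-Finding 'scheduled task "Driver Booster SkipUAC (omenik92)" still exists'
}

# 6. The firewall allow rule for yc.exe, read where FRST reads it: the value named by the
#    rule GUID under FirewallPolicy\FirewallRules. "netsh advfirewall reset" drops every
#    non-default rule, so this check also confirms that line of the fixlist ran.
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
$rule = Get-ItemProperty -Path $fwKey -Name '{2A88E49E-FA1F-4338-8106-5D88A8242B1A}' -ErrorAction SilentlyContinue
if ($rule) { Add-Finding 'firewall allow rule for yc.exe still present' }

if ($findings.Count -eq 0) { 'All fixlist items verified clear.' }
else { $findings | ForEach-Object { "LEFTOVER: $_" } }
```

Run it once before the fix to confirm the findings match the FRST logs, and once after the reboot to confirm nothing survived. Two caveats about the last lines of the fixlist: the `Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}` line clears every event log on the machine, so export the Security, System and Application logs first (`wevtutil epl System System.evtx`, and likewise for the others) if any timeline of how pqwv6me2.exe and yc.exe arrived is still wanted; and `netsh advfirewall reset` removes all user-created rules, not just the one for yc.exe, so any legitimate custom rules have to be recreated afterwards. An FRST fixlist is also written for one specific machine and log set; the SIDs, interface GUIDs and paths above will not match another system.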