CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKU\S-1-5-21-973996416-432849057-2411937491-1001\...\Run: [BingSvc] => C:\Users\Anna\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-973996416-432849057-2411937491-1001\...\Policies\Explorer: []
HKU\S-1-5-21-973996416-432849057-2411937491-1001\...\MountPoints2: {350d9408-8e84-11e7-82cd-0071cc91891e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-973996416-432849057-2411937491-1001\...\MountPoints2: {360cf295-f36f-11e5-828f-0071cc91891e} - "F:\startme.exe"
HKU\S-1-5-21-973996416-432849057-2411937491-1001\...\MountPoints2: {3bfe396f-1a2f-11e7-82ad-0071cc91891e} - "F:\Setup.bat"
HKU\S-1-5-21-973996416-432849057-2411937491-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [133632 2014-10-29] (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-973996416-432849057-2411937491-1001 -> {306553DA-E069-4DEF-8753-4DC9C702AD32} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-973996416-432849057-2411937491-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://pandasecurity.mystart.com/results.php?pr=vmn&gen=ms&id=pandasecuritytb&v=4_3&idate=2017-09-18&ent=ch_675&q={searchTerms}
BHO: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll => Brak pliku
BHO-x32: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll => Brak pliku
Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll Brak pliku
Toolbar: HKLM-x32 - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll Brak pliku
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
S2 MaxthonUpdateSvc; "C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe" [X]
S2 RichVideo64; "C:\Program Files\CyberLink\Shared files\RichVideo64.exe" [X]
U2 CWASRE; Brak ImagePath
S1 iSafeKrnl; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [X] <==== UWAGA
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U2 snare; Brak ImagePath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
Task: {52C03B84-D9B9-4DDF-AA3B-3A795F401FBF} - \Maxthon Update -> Brak pliku <==== UWAGA
Task: {75D4720A-53D2-4297-BF3E-72793E3E37B0} - Brak ścieżki do pliku
FirewallRules: [{564C1006-7730-46C0-8A53-A1F97BF1934D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{5FF694A9-C651-469A-B849-80807530491F}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{A3E1B3B9-5AE8-44C8-9E37-4B46CD612AF0}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{F7B6E9E1-DD9C-415D-8089-ABA518D2486A}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{5A4FDEAB-72FA-4A83-8F9C-3B6885078F01}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{7DC0A7CD-4F3D-43A0-A17F-67FB657E82D4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{B78B8C2D-7FB1-401D-A231-6E318ECFBA33}C:\users\anna\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\anna\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{01D99E34-45F2-405D-A6E4-0A18F7F0B703}C:\users\anna\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\anna\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{64134179-FB24-45AE-A47E-D7DDF354E13F}C:\users\anna\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\anna\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{125A7868-A08B-4145-82C9-B536986C1B7E}C:\users\anna\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\anna\appdata\local\akamai\netsession_win.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\CATIA P3 V5R21.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Batch Management V5R21.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Environment Editor V5R21.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Nodelock Key Management (DSLS) V5R21.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Nodelock Key Management (LUM) V5R21.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Printers V5R21.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Settings Management V5R21.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Software Management V5R21.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA P3\Tools\Vault Client Setup V5R21.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen\AVG.lnk
C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk
C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
C:\Users\Ewa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
C:\Users\Anna\Favorites\AmazonBrowserBar.url
C:\Users\Default\Favorites\AmazonBrowserBar.url
C:\Users\Gość\Favorites\AmazonBrowserBar.url
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}