CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKU\S-1-5-21-2027420962-3639592582-740321883-1001\...\Run: [Murasaki] => explorer.exe hxxp://ozirizsoos.info <==== UWAGA
HKU\S-1-5-21-2027420962-3639592582-740321883-1001\...\Winlogon: [Shell] C:\Windows\System32\cmd.exe [273920 2018-04-12] (Microsoft Corporation) <==== UWAGA
HKU\S-1-5-21-2027420962-3639592582-740321883-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist ( start /MIN "" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== UWAGA
GroupPolicy: Ograniczenia ? <==== UWAGA
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
Task: {01A8B697-DD0F-4985-A8C0-12C2E633A24C} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Murasaki) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {2D61858B-5DC1-4349-B729-842E106C7B5F} - System32\Tasks\{0C199FE5-596C-420E-9E68-2793810B0021} => C:\Windows\system32\pcalua.exe -a C:\Users\Murasaki\AppData\Local\Apps\2.0\9EONXGPP.330\CRJQH0CO.BE6\dell..tion_831211ca63b981c5_0008.0008_b150a6542eb950c1\Uninstaller.exe -c uninstall
Task: {88164BBF-54E4-4C24-9A08-DC4ABBA7BA15} - System32\Tasks\Murasaki => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Murasaki /t REG_SZ /d "explorer.exe hxxp://ozirizsoos.info" <==== UWAGA
Task: {A0E091B9-78BD-4AF2-A343-A08EBA2D72FD} - System32\Tasks\DllKitPRO => C:\Program Files (x86)\DllKitPRO\dllkitpro.exe
Task: {E3F21FC3-039E-4869-85B9-72E325ECD813} - System32\Tasks\{4D9ADE7B-BD1D-46F3-B90D-4B8EA1D201A6} => C:\Windows\system32\pcalua.exe -a C:\Users\Murasaki\Downloads\win64_154519.4678.exe -d C:\Users\Murasaki\Downloads
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Murasaki).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
C:\WINDOWS\system32\default_error_stack-*.txt
CMD: ipconfig /flushdns
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}