CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll -> Brak pliku
ContextMenuHandlers1: [ArcabitShell] -> {D7824897-C8DC-49b4-B790-30F7ED16A5FD} => C:\Program Files\Arcabit\arcavir\avshell.dll -> Brak pliku
ContextMenuHandlers6: [ArcabitShell] -> {D7824897-C8DC-49b4-B790-30F7ED16A5FD} => C:\Program Files\Arcabit\arcavir\avshell.dll -> Brak pliku
ContextMenuHandlers5_S-1-5-21-1185433337-1787618353-186506704-1001: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
Task: {0192C01F-59EA-4D23-97ED-9D6027818CD6} - Brak ścieżki do pliku
Task: {0585F317-D810-4499-9EED-6973AFBC4AA0} - Brak ścieżki do pliku
Task: {07E3F74A-AE0E-411C-9FCB-978A963EBA9E} - Brak ścieżki do pliku
Task: {0BF7AEE7-99F3-4B03-9CD9-5000FFB28C19} - Brak ścieżki do pliku
Task: {0EFA847D-16B6-40AC-B0E8-C89D949695EB} - Brak ścieżki do pliku
Task: {1915E8CD-A813-4BB5-B3E6-CD71EE1988A0} - Brak ścieżki do pliku
Task: {1B82196C-6EAC-4DAD-B221-D981A9FE0D01} - Brak ścieżki do pliku
Task: {1FBAB182-8802-4003-8AF3-0C654F70340F} - Brak ścieżki do pliku
Task: {218ADD62-53E1-43C7-A0DC-CFB2C7958B33} - Brak ścieżki do pliku
Task: {21A1D20E-BC70-48A5-9A87-101ACEAEC267} - Brak ścieżki do pliku
Task: {30C1FCDF-6141-49E2-8D0F-7C91C8CA10CB} - Brak ścieżki do pliku
Task: {4036F97E-8173-483D-8EB5-CB8C5BA323C3} - Brak ścieżki do pliku
Task: {41A7860A-AE41-48B9-B72E-2ED15EAB2461} - Brak ścieżki do pliku
Task: {66DD6562-3FE9-4A47-BBB3-F23619A43056} - Brak ścieżki do pliku
Task: {6FB59AB0-B559-4F7C-B78B-C270F7778277} - Brak ścieżki do pliku
Task: {70113FBC-83B6-4923-8D75-39FE5CF7A85D} - Brak ścieżki do pliku
Task: {9164C65D-6D11-4FC6-A452-8DC8AD5D1B82} - Brak ścieżki do pliku
Task: {952C2F7A-45E7-4694-A5EB-9B56B4735F1B} - Brak ścieżki do pliku
Task: {9F74DCE2-2B98-4624-9BC5-F212AEB39646} - Brak ścieżki do pliku
Task: {A0E6BD61-B034-46D7-A22D-1B604842E2AF} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {A17070C3-4F25-4A99-87E1-9B703C9670E9} - Brak ścieżki do pliku
Task: {AAF87A9D-CE07-44CB-B6A5-894F017AF9F0} - Brak ścieżki do pliku
Task: {AC35107D-03D7-490B-924A-4B411AF44184} - Brak ścieżki do pliku
Task: {B4B6FF56-DA70-4D0B-AD0B-584B67F378BB} - Brak ścieżki do pliku
Task: {B4FA3AFA-58A4-49E2-B7D8-C2A4AB9ACB55} - Brak ścieżki do pliku
Task: {B95BE070-CD5A-4C97-ADC5-E084B63DE77F} - Brak ścieżki do pliku
Task: {BA5C5E9D-72CE-4503-A354-76595DBB005C} - Brak ścieżki do pliku
Task: {BDF777F8-FA2E-46F9-8F38-E97A07F57249} - Brak ścieżki do pliku
Task: {C3C4411C-7BB7-48D3-8BAB-1371DE669320} - Brak ścieżki do pliku
Task: {C52B8706-521B-4BD6-9884-C00F2A9DFB9E} - Brak ścieżki do pliku
Task: {C5CE932F-997F-43D9-9C37-23C166EB1C78} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-02-01] (Adobe Systems Incorporated)
Task: {CB223BA4-B4C4-496A-BB9D-1C762A28FA0E} - Brak ścieżki do pliku
Task: {CD586CC9-9385-463B-A1D5-79E30AD60657} - \Lukrybdather -> Brak pliku <==== UWAGA
Task: {D029B8C5-3D12-48B1-89C8-92DFA37ECA15} - Brak ścieżki do pliku
Task: {D4FEDD17-2EEC-47F0-80BF-7056ECDDF907} - Brak ścieżki do pliku
Task: {F46A149C-EDE0-42B1-9F25-8CAFFE3CCE12} - Brak ścieżki do pliku
AlternateDataStreams: C:\ProgramData\Microsoft:kkOX72Ai37oHYvCZRlef0aC7b [2176]
AlternateDataStreams: C:\ProgramData\Microsoft:NkwU3l3kxXKdx8YZF7li1xDlCET [2188]
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [112]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [105]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1185433337-1787618353-186506704-1001\...\Run: [ycAutoLaunch_CBE63ED6561D718D9FD47AEF2B5633E9] => C:\Users\mateusz\AppData\Local\yc\Application\yc.exe [921088 2017-08-18] (The Chromium Authors) <==== UWAGA
HKU\S-1-5-21-1185433337-1787618353-186506704-1001\...\MountPoints2: H - H:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1185433337-1787618353-186506704-1001\...\MountPoints2: {1b12122c-8242-11e6-b004-90e6bab6c33f} - H:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1185433337-1787618353-186506704-1001\...\MountPoints2: {1b121239-8242-11e6-b004-90e6bab6c33f} - H:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1185433337-1787618353-186506704-1001\...\MountPoints2: {20338923-8263-11e6-8e62-90e6bab6c33f} - H:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1185433337-1787618353-186506704-1001\...\MountPoints2: {20338966-8263-11e6-8e62-90e6bab6c33f} - H:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1185433337-1787618353-186506704-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
GroupPolicy\User: Ograniczenia <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Tcpip\Parameters: [DhcpNameServer] 37.8.214.2 31.11.202.254
Tcpip\..\Interfaces\{012EA010-CAF7-4DED-9CEF-76DE677E90AA}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8B303904-071E-4E7A-AA7E-343E63EC7769}: [NameServer] 35.177.46.238,46.101.28.31,82.202.226.203,37.8.214.2,31.11.202.254
Tcpip\..\Interfaces\{8B303904-071E-4E7A-AA7E-343E63EC7769}: [DhcpNameServer] 37.8.214.2 31.11.202.254
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1185433337-1787618353-186506704-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-1185433337-1787618353-186506704-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BED135AA3-E956-4FC4-AC7E-6ADDB6ECB780%7D&gp=855507
SearchScopes: HKU\S-1-5-21-1185433337-1787618353-186506704-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1185433337-1787618353-186506704-1001 -> {19D0DE29-FE97-4BC4-B30E-83999A951B52} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1185433337-1787618353-186506704-1001 -> {2F2E25EA-543B-4133-AF9C-9DD21B9E95C3} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1185433337-1787618353-186506704-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1185433337-1787618353-186506704-1001 -> {6fcad291-2f36-47d8-a77e-d4a611fa774a} URL = hxxps://search.gmx.com/web/result?q={searchTerms}&origin=p_jkld_y0_w35&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301
SearchScopes: HKU\S-1-5-21-1185433337-1787618353-186506704-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BED135AA3-E956-4FC4-AC7E-6ADDB6ECB780%7D&gp=855507
SearchScopes: HKU\S-1-5-21-1185433337-1787618353-186506704-1001 -> ŰźĆîZ§’2ąŢpv¨IÍá*X(Ž2s(ŰÎŔJşÔÓµť± vË°!×—(äĽ48иpatm6ęo^Mp`Ëő÷_iŁw˜ľ!„Áű†x˘8€ŮjŔ˙ţ ´Ń;áa´[¦†8 ş~ŹRŮxśňÜ8'Ł-)x­ä­ URL =
BHO: TinyBHO Class -> {00e71626-0bef-11dc-8314-0864264c9a64} -> C:\Users\mateusz\AppData\Roaming\DownloaderGold\ieplug.dll [2014-02-12] ()
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF Homepage: Mozilla\Firefox\Profiles\v07a5ilt.default -> hxxp://mail.ru/cnt/10445?gp=855407
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => nie znaleziono
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
StartMenuInternet: FIREFOX.EXE - firefox.exe
CHR HomePage: ChromeDefaultData -> inline.go.mail.ru
CHR DefaultSearchURL: ChromeDefaultData -> hxxps://inline.go.mail.ru/search?inline_comp=dse&q={searchTerms}&fr=chxtn12.0.23
CHR DefaultSearchKeyword: ChromeDefaultData -> inline.go.mail.ru
CHR DefaultSuggestURL: ChromeDefaultData -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:\Users\mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2018-02-24] <==== UWAGA
CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lhemechcanjmilllmccjbjldonmnnjjj] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
U3 au3cekkd; C:\Windows\System32\Drivers\au3cekkd.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
S3 ALSysIO; \??\C:\Users\mateusz\AppData\Local\Temp\ALSysIO64.sys [X] <==== UWAGA
S3 BEDaisy; \??\C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [X]
S3 cpuz138; \??\C:\Users\mateusz\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== UWAGA
S1 ESProtectionDriver; \??\C:\Windows\system32\drivers\mbae64.sys [X]
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 VBAudioVACMME; system32\DRIVERS\vbaudio_cable64_win7.sys [X]
C:\Users\mateusz\AppData\Local\yc\Application\yc.exe
2018-02-24 17:33 - 2018-02-24 17:33 - 001708720 _____ (Mail.Ru) C:\Users\mateusz\AppData\Local\Temp\4Lt4qEylGkQq.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StuMilowaDolina.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\OBS Studio (32bit).lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\OBS Studio (64bit).lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\Uninstall.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ivo\Ivona_Demo-1.0\Napisz list do IVO Software.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 12.lnk
C:\ProgramData\Media Center Programs\DriverParallelLines.lnk
C:\Users\mateusz\Desktop\Call of Duty® World at War — skrót.lnk
C:\Users\mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 12 (32bit).lnk
C:\Users\mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 12 (64bit).lnk
C:\Users\mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL v2 Instruction Manual.lnk
C:\Users\mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL Web Site.lnk
C:\Users\mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\Uninstall.lnk
C:\Users\mateusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Users\mateusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9690809c1adfae92\Google Chrome.lnk
C:\Users\mateusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk
C:\Users\mateusz\AppData\Local\Microsoft\Windows\GameExplorer\{E74D6794-49FD-4EA8-A47D-F0D25AC72B6E}\PlayTasks\0\Zagraj.lnk
C:\Users\mateusz\AppData\Local\Microsoft\Windows\GameExplorer\{8051425F-B59C-4823-9118-AFB9520D4BEB}\PlayTasks\0\Zagraj.lnk
C:\Users\mateusz\AppData\Local\Microsoft\Windows\GameExplorer\{457C5BB4-3EF9-494F-973B-C1AF3357D2FC}\PlayTasks\4\Zarejestruj grę.lnk
C:\Users\mateusz\AppData\Local\Microsoft\Windows\GameExplorer\{457C5BB4-3EF9-494F-973B-C1AF3357D2FC}\PlayTasks\3\Wykrywanie sprzętu.lnk
C:\Users\mateusz\AppData\Local\Microsoft\Windows\GameExplorer\{457C5BB4-3EF9-494F-973B-C1AF3357D2FC}\PlayTasks\2\ReadMe.lnk
C:\Users\mateusz\AppData\Local\Microsoft\Windows\GameExplorer\{457C5BB4-3EF9-494F-973B-C1AF3357D2FC}\PlayTasks\1\Podręcznik gry.lnk
C:\Users\mateusz\AppData\Local\Microsoft\Windows\GameExplorer\{457C5BB4-3EF9-494F-973B-C1AF3357D2FC}\PlayTasks\0\Uruchom grę Driver Parallel Lines.lnk
C:\Users\mateusz\AppData\Local\Microsoft\Windows\GameExplorer\{1156E715-FA83-4042-ACB8-A6162986CA10}\PlayTasks\0\Zagraj.lnk
EmptyTemp:
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
CMD: netsh advfirewall reset
CMD: ipconfig /flushdns