CloseProcesses: CreateRestorePoint: HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-2405281539-2643959435-1294618563-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Fliqlo.scr [679936 2018-02-25] (ScreenTime Media) FF HKU\S-1-5-21-2405281539-2643959435-1294618563-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => nie znaleziono CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx CHR HKU\S-1-5-21-2405281539-2643959435-1294618563-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx 2018-03-03 15:26 - 2018-03-03 15:26 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign1996a3ef3c3f9334 2018-03-03 15:24 - 2018-03-03 15:24 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsigncf1588478d9e9e38 2018-03-03 15:24 - 2018-03-03 15:24 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign90961df14b47461d 2018-03-03 15:24 - 2018-03-03 15:24 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign51b450bc17bb3854 2018-03-03 15:24 - 2018-03-03 15:24 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign102db24e34ceb0ad 2018-03-03 15:19 - 2018-03-03 15:19 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign437af987575f0cff 2018-03-03 15:17 - 2018-03-03 15:17 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign14a5f73d7b6761fa 2018-03-03 15:17 - 2018-03-03 15:17 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign09152ef2190ad51d 2018-03-03 15:16 - 2018-03-03 15:16 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsignfd502964aa65f5b2 2018-03-03 15:16 - 2018-03-03 15:16 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign546c0df3eeef7af6 2018-03-03 15:16 - 2018-03-03 15:16 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign300cf397b54aac85 2018-03-03 15:15 - 2018-03-03 15:15 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsignd119f11c68c4cf91 2018-03-03 15:15 - 2018-03-03 15:15 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsigncf9e28abdb1b514e 2018-03-03 15:15 - 2018-03-03 15:15 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign8ff24a13897314f8 2018-03-03 15:13 - 2018-03-03 15:13 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign98343b6e55fb53e0 2018-03-03 15:13 - 2018-03-03 15:13 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign81d6c705432009e7 2018-03-03 15:13 - 2018-03-03 15:13 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign70246453a89840e0 2018-03-03 15:08 - 2018-03-03 15:08 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign747e331df96b8566 2018-03-03 15:07 - 2018-03-03 15:07 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign37df798b7d96bda9 2018-03-03 15:06 - 2018-03-03 15:06 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsignab7d91a27e754026 2018-03-03 15:03 - 2018-03-03 15:03 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign03637483eb6bbca9 2018-03-03 14:57 - 2018-03-03 14:57 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign9f007f7a60e7d31a 2018-03-03 14:57 - 2018-03-03 14:57 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign4b4789760a9aef20 2018-03-03 14:57 - 2018-03-03 14:57 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign1a3a031712bf0431 2018-03-03 14:57 - 2018-03-03 14:57 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign152d81de20ce3d44 2018-02-27 22:15 - 2018-02-27 22:15 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsigne340ba4d98b29a2f 2018-02-27 22:15 - 2018-02-27 22:15 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign61f440dd9bdcf30b 2018-02-27 22:15 - 2018-02-27 22:15 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign3a4bf0d314d46198 2018-02-19 11:11 - 2018-02-19 11:11 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign235589d1ded7800d 2018-02-19 11:10 - 2018-02-19 11:10 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign7e23bf5a8eb76ae1 2018-02-19 11:10 - 2018-02-19 11:10 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign3656187c23ddf99e 2018-02-19 11:10 - 2018-02-19 11:10 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign13db6f5cd5ad9319 2018-02-19 11:01 - 2018-02-19 11:01 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsignb87c6dc49ad350f5 2018-02-19 11:01 - 2018-02-19 11:01 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign7c63eb11b8d53283 2018-02-19 11:01 - 2018-02-19 11:01 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign70ea5face3949387 2018-02-19 11:01 - 2018-02-19 11:01 - 000000000 ____D C:\Users\Lecho\AppData\Local\Tempzxpsign269bf4c8769112f2 Task: {0BC7749E-A3C6-420D-AC58-DAEBEF2E550B} - System32\Tasks\{39474679-2A25-4A1A-B404-89F974B3001C} => "c:\program files\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.38.0.101/pl/abandoninstall?page=tsProgressBar EmptyTemp: Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}