CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM\...\Winlogon: [Shell] explorer.exe, d. b a t
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
Startup: C:\Users\Mariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUNDLL32.EXE.lnk [2021-03-23]
ShortcutAndArgument: RUNDLL32.EXE.lnk -> C:\Windows\System32\rundll32.exe => C:\Users\Mariusz\AppData\Local\Temp\WBXODM~1.DLL,fzVKHEGcBQ==
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Task: {0CA097F6-7F51-4189-903E-F1391A729907} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {0DDB73BB-E9A8-48C7-85F5-43E1321ED4B3} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {1729C454-C402-4881-84E9-2BFC8D1987CE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
Task: {190D9423-AD61-4BF0-A5E9-DD74F3ADC2E0} - System32\Tasks\{C54D4EBC-1849-4660-BEDF-24E7C967F787} => "c:\program files\internet explorer\iexplore.exe" https://ui.skype.com/ui/0/7.40.0.151/pl/go/help.faq.installer?LastError=1603
Task: {19A76B63-36A5-4134-8EB6-FCA15972C503} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
Task: {22DE96AA-FE54-49DC-B3C0-754C6660BDED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
Task: {24E93C02-45D0-4BCD-90BA-D0F70B827FCA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {3141AAC7-DE44-4B29-9D2D-F58CA6F46ABD} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3CE34424-53F0-434C-801C-C3310C8F57F3} - \TASKDIRFORTASKCREATE\TASKFORTASKCREATE -> Brak pliku <==== UWAGA
Task: {3DB02C6E-07D1-4F02-8605-7B313A0ECC09} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {3EADE1E4-7A6F-40E9-9277-D65A5F0E3B86} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
Task: {5675412D-AA24-4C12-BD5E-A3F7671E3BAC} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Task: {5724FCAE-F7AE-4351-B4F1-371BC831AA00} - System32\Tasks\{68B7BBC6-2A46-457B-99FD-097EA4BF9FC1} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {59506601-1CDC-4EDF-B9B7-F30E6AEF729C} - \Program aktualizacji online firmy Adobe. -> Brak pliku <==== UWAGA
Task: {5C825A78-83E6-4F03-9B67-7433CF93BEEB} - System32\Tasks\Driver Booster SkipUAC (Mariusz) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [7932416 2020-07-24] (IObit) [Brak podpisu cyfrowego]
Task: {644ED097-CA75-4D1B-8A90-7A2624684A49} - System32\Tasks\Adobe Flash TXL Files Update ver_202018 => C:\ProgramData\QTalk.exe [253496 2020-01-08] (Tencent Technology(Shenzhen) Company Limited -> Tencent) <==== UWAGA
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {7C0C03ED-4D20-4255-B657-BB8A2195D44E} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {7D11AD7B-7683-4913-892E-59450912C69B} - \{DB743FC9-7CA7-42E8-9D6D-5908C374DE01} -> Brak pliku <==== UWAGA
Task: {81958CC0-4106-40EC-902A-AE573CFD9478} - System32\Tasks\{A302A72A-C84A-4473-8704-E384A3AC605B} => "c:\program files\internet explorer\iexplore.exe" https://ui.skype.com/ui/0/7.40.0.151/pl/go/help.faq.installer?LastError=1603
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {89C24172-327F-459A-BA04-D717CDF8097B} - System32\Tasks\{38B5BF5D-0E8C-49ED-8E85-FDD32AC826C0} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\HIP GAMES\Garfield\garfield.exe" -d "C:\Program Files (x86)\HIP GAMES\Garfield"
Task: {8FC61A39-3FCC-40DC-8222-EE4B5A9DEAA1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
Task: {93A2BF5B-4864-42D6-AB35-CE1006FFB543} - System32\Tasks\{A93C893E-0940-4B7F-94E2-5FFCD2372E37} => "c:\program files\internet explorer\iexplore.exe" https://ui.skype.com/ui/0/7.40.0.103/pl/go/help.faq.installer?LastError=1603
Task: {94CD9053-54E4-4574-ADC3-46C128E1EEF8} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {96DDB1F8-4BF8-48D2-B6F8-BD847BFF2BE8} - \WPD\SqmUpload_S-1-5-21-2384729773-2530975304-3792660739-1002 -> Brak pliku <==== UWAGA
Task: {A31ECB63-E6C6-43CA-A37B-7C2D5AEA4D5E} - System32\Tasks\Opera scheduled Autoupdate 1513373007 => C:\Users\Mariusz\AppData\Local\Programs\Opera\launcher.exe
Task: {AB5182C2-4DF9-4301-A588-43BA87FB1CEA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: {B1344132-BAA2-4935-91E7-D4A4E4F1B55A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {B2CA82CC-495F-487D-9E96-82618C82DCCE} - System32\Tasks\{8424647E-EE42-41EF-B885-F5EA46FD960B} => "c:\program files\internet explorer\iexplore.exe" https://ui.skype.com/ui/0/7.39.0.102/pl/go/help.faq.installer?LastError=1603
Task: {B5E0C435-AD8F-40FC-9D29-6D9C77E7076E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {B945E293-6078-43AD-A21C-2D5AC0EA8BEC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D51B51E4-7B53-4CF5-80B2-831903D8EB7B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {D67A06BA-793F-4B17-A426-AF6DC7DA4BB2} - System32\Tasks\{28B19968-0F08-47F0-9CD2-113653B20F87} => "c:\program files\internet explorer\iexplore.exe" https://ui.skype.com/ui/0/7.40.0.151/pl/go/help.faq.installer?LastError=1603
Task: {DD77CF3B-D0DF-4DBA-B49A-D312AF28A5A2} - System32\Tasks\{EC4555EB-4A2C-4BA5-9280-9EF5FD41B93A} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Activision\Call of Duty 2\cod2sp_s.exe" -d "C:\Program Files (x86)\Activision\Call of Duty 2\"
Task: {E02D2BFD-335F-41BF-BE4D-C618E437EBAA} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {E07CA684-BA93-4338-AE27-ABFC35011706} - System32\Tasks\{938BC64B-536A-4FD8-8B50-F58AED0455F6} => "c:\program files\internet explorer\iexplore.exe" https://ui.skype.com/ui/0/7.40.0.103/pl/go/help.faq.installer?LastError=1603
Task: {E7F546CD-45DE-4365-8986-76EF228B00D4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
Task: {ECBD6CB4-C386-43A2-B601-399C3756C165} - System32\Tasks\{C7FA4D5B-47BC-4A31-8616-41C9BF82D24A} => "c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/7.0.0.102/pl/abandoninstall?page=tsProgressBar
Task: {EE695EB7-6FC9-4C99-928D-21F56521605A} - System32\Tasks\{AD92C709-ECE4-43C6-89F3-B5220104F24C} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Activision\Call of Duty 2\cod2mp_s.exe" -d "C:\Program Files (x86)\Activision\Call of Duty 2\"
Task: {F50F9C5A-8AB7-403A-AEC2-E4D19BF05AAA} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: C:\WINDOWS\Tasks\Adobe Flash TXL Files Update ver_202018.job => C:\ProgramData\QTalk.exe/check_updat C:\Program Files (x86)\SopaDOM\Mariusz5This task detect has update for txl files.ver <==== UWAGA
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
ProxyServer: [S-1-5-21-2384729773-2530975304-3792660739-1002] => 127.0.0.1:8080
Tcpip\..\Interfaces\{15d5ad8e-310b-43de-acc3-f9b206a3ee92}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{32030b03-6fee-4cd0-8b61-a85a0c9348bf}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{3b9ba31f-5ac7-4f5a-be39-ba381b925e9d}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{3f8e8087-88e3-4c3e-a5f3-534368c7b738}: [DhcpNameServer] 192.168.8.1
FF HKLM\...\Firefox\Extensions: [{90ca575e-4c80-47b5-8a3b-ad862f38a292}] - C:\Program Files (x86)\SafeMyWeb\ff\safe_my_web-1.0.1-fx.xpi => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [{90ca575e-4c80-47b5-8a3b-ad862f38a292}] - C:\Program Files (x86)\SafeMyWeb\ff\safe_my_web-1.0.1-fx.xpi => nie znaleziono
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nie znaleziono
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [Brak pliku]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [Brak pliku]
U4 ekrn; Brak ImagePath
2021-03-23 20:23 - 2021-03-23 20:23 - 000000000 ____D C:\ProgramData\Posse
2021-03-23 20:22 - 2021-03-23 20:31 - 000000000 ____D C:\Users\Mariusz\AppData\Roaming\HnOpTtukFW
2021-03-23 20:22 - 2021-03-23 20:23 - 000000000 ____D C:\Users\Mariusz\AppData\Roaming\HrPaRxnLfckqpnfgCv
2021-03-23 20:22 - 2021-03-23 20:22 - 000000000 ____D C:\Users\Mariusz\AppData\Roaming\Uadeko
2021-03-23 20:21 - 2021-03-23 20:21 - 000000000 ____D C:\Users\Mariusz\AppData\Roaming\Bilbo
2021-03-23 20:19 - 2021-03-23 20:23 - 000000000 ____D C:\Users\Mariusz\AppData\Roaming\LExndcqUFVu
2021-03-23 19:42 - 2021-03-23 19:42 - 000000000 ____D C:\Users\Mariusz\AppData\Roaming\Helge Klein
2021-03-21 19:47 - 2021-03-21 19:47 - 000000036 _____ C:\WINDOWS\1J_2ryIwgOpN3Wg4wdI8k08Uck5Hi-K-z@e=download
2021-03-21 19:15 - 2021-03-21 19:15 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-03-21 19:13 - 2021-03-12 09:18 - 000000308 _____ C:\WINDOWS\e.reg
2021-03-21 19:13 - 2021-02-26 00:31 - 000002298 _____ C:\WINDOWS\d.bat
2021-03-21 19:13 - 2021-01-25 17:45 - 000000308 _____ C:\WINDOWS\c.reg
2021-03-21 19:13 - 2021-01-25 17:45 - 000000302 _____ C:\WINDOWS\mn.reg
2021-03-21 19:13 - 2021-01-25 17:45 - 000000302 _____ C:\WINDOWS\mf.reg
2021-03-21 19:13 - 2021-01-25 17:45 - 000000001 _____ C:\WINDOWS\y.txt
2021-03-21 18:18 - 2021-03-01 19:37 - 000002837 _____ C:\WINDOWS\e.bat
2021-03-21 14:06 - 2021-03-21 19:13 - 000000000 ____D C:\WINDOWS\w
2021-03-21 14:06 - 2021-03-21 19:13 - 000000000 ____D C:\WINDOWS\c
2021-03-13 21:30 - 2021-03-13 21:30 - 000003610 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1513373007
2021-03-23 20:08 - 2016-02-15 21:53 - 000000266 __RSH C:\ProgramData\ntuser.pol
FW: COMODO Firewall (Disabled) {3D87FB90-B561-70B4-3B0B-BCEFE7656ABC}
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2384729773-2530975304-3792660739-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.onet.pl/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2384729773-2530975304-3792660739-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2384729773-2530975304-3792660739-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
IE trusted site: HKU\S-1-5-21-2384729773-2530975304-3792660739-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2384729773-2530975304-3792660739-1002\...\webcompanion.com -> hxxp://webcompanion.com
RemoveProxy:
Hosts: