CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKU\S-1-5-21-2160839001-561708795-917029223-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Klaudia\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (Brak pliku)
HKU\S-1-5-21-2160839001-561708795-917029223-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Klaudia\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (Brak pliku)
HKU\S-1-5-21-2160839001-561708795-917029223-1001\...\RunOnce: [Uninstall 22.055.0313.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Klaudia\AppData\Local\Microsoft\OneDrive\22.055.0313.0001" (Brak pliku)
HKU\S-1-5-21-2160839001-561708795-917029223-1001\...\RunOnce: [Uninstall 22.065.0412.0004] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Klaudia\AppData\Local\Microsoft\OneDrive\22.065.0412.0004" (Brak pliku)
HKU\S-1-5-21-2160839001-561708795-917029223-1001\...\MountPoints2: {e8192169-c1fc-11eb-924e-9828a6101ebf} - "E:\autorun.exe"
GroupPolicy: Ograniczenia ? <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
Task: {1AD96460-3F6D-4A58-B18F-505A14645777} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {8687A01B-D2D3-48E3-9946-EFA49BB1AD2F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {8EBA861E-A53E-40CC-A3AC-B234A385B2F5} - System32\Tasks\qAMt => C:\Users\Klaudia\AppData\Local\Temp\WFGr.vbs -> slgCjCQNFP xGOnRYhGAU "C:\Users\Klaudia\AppData\Local\Temp\zdoTSwpi.bat" <==== UWAGA
Task: {964A4A61-1922-472E-A7B7-BF84F2E97956} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2332984 2022-03-09] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {DDBF8B32-89DF-4DA4-B944-2A156972DACD} - System32\Tasks\uVet => C:\Users\Klaudia\AppData\Local\Temp\gQXaR.vbs slgCjCQNFP xGOnRYhGAU "{1F3A041D-B6FB-470C-AE55-F26832B0D8CD}" (Brak pliku) <==== UWAGA
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Tcpip\..\Interfaces\{ce1ff629-21ae-48a5-824f-21d597e9c30a}: [DhcpNameServer] 192.168.1.1 0.0.0.0
CHR HomePage: Default -> hxxp://www.gazeta.pl/0,0.html?p=190
2020-03-12 00:42 - 2020-03-12 00:42 - 000893608 _____ (AutoIt Team) C:\Users\Klaudia\AppData\Roaming\dwm.com
2020-03-10 01:29 - 2020-03-10 01:29 - 000189440 _____ () C:\Users\Klaudia\AppData\Roaming\FSojt.com
2020-03-10 01:30 - 2020-03-10 01:30 - 002132480 _____ () C:\Users\Klaudia\AppData\Roaming\Vfhs.com
CustomCLSID: HKU\S-1-5-21-2160839001-561708795-917029223-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Klaudia\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => Brak pliku
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Brak pliku
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> Brak pliku
HKU\S-1-5-21-2160839001-561708795-917029223-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=190
HKU\S-1-5-21-2160839001-561708795-917029223-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-2160839001-561708795-917029223-1001 -> DefaultScope {FE7474FA-36C2-4E75-A35F-5032C202748B} URL =
SearchScopes: HKU\S-1-5-21-2160839001-561708795-917029223-1001 -> {FE7474FA-36C2-4E75-A35F-5032C202748B} URL =
CMD: netsh advfirewall reset
cmd: ipconfig /flushdns
RemoveProxy:
Hosts:
CMD: dir /a "C:\Users\Klaudia\AppData\Roaming"