CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\MountPoints2: {00558127-180d-11e8-befa-24ec99fa5dd6} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\MountPoints2: {53feac46-d3e4-11e9-bf03-7054d23e9946} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\MountPoints2: {91bff7ed-8c9e-11ea-bf29-7054d23e9946} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4673304 2016-11-02] (Microsoft Windows -> Microsoft Corporation) <==== UWAGA
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplorer.lnk [2019-01-18]
ShortcutAndArgument: iexplorer.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe => -W Hidden -Exec -nop $t=Get-ItemProperty -Path 'HKCU:\Software\Classes\mssccfile' -Name t;IEX $t.t;
GroupPolicyUsers\S-1-5-21-3729022659-4076590028-3572547655-1002\User: Ograniczenia <==== UWAGA
GroupPolicyUsers\S-1-5-21-3729022659-4076590028-3572547655-1001\User: Ograniczenia <==== UWAGA
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Task: {44DB7CEF-C12D-4522-9FCF-BEFB6350EBC8} - System32\Tasks\{FE77194C-0D1D-4E5A-9B5D-6BDB42E51B3E} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\user\AppData\Local\Roblox\Versions\version-934c86ec4aa148f0\RobloxPlayerLauncher.exe -c -uninstall
Task: {517E7ABF-118E-4C97-A703-92F4B9E8BD14} - \WPD\SqmUpload_S-1-5-21-3729022659-4076590028-3572547655-1002 -> Brak pliku <==== UWAGA
Task: {670FDB82-F3C4-4B29-AEC8-EC8662FD5275} - \WPD\SqmUpload_S-1-5-21-3729022659-4076590028-3572547655-1001 -> Brak pliku <==== UWAGA
Task: {6ABA3666-2BBE-4CC8-B33E-D116519B651E} - System32\Tasks\{BD7E1FE7-4645-4210-A185-7C4742D7D0FC} => C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\ipla\uninst.exe"
Task: {6DD6AD79-1833-4C1D-AC7C-DFC73278C92F} - \Microsoft\Windows\Setup\EOSNotify -> Brak pliku <==== UWAGA
Task: {716FCFDC-A159-4E28-9D8F-76C922512CFB} - System32\Tasks\{602D10A1-B75B-4A48-82D2-3E15652DB32E} => C:\windows\system32\pcalua.exe -a "C:\Users\user\Instrukcje VAG KKL\Sterownik\Sterownik_windows_xp_vista_7_8.exe" -d "C:\Users\user\Instrukcje VAG KKL\Sterownik"
Task: {73100EB9-400A-41C6-A9AA-44D650409842} - System32\Tasks\{EE1691D4-E88E-4246-AC80-1BDB99B8D0ED} => C:\windows\system32\pcalua.exe -a "C:\Users\user\Instrukcje VAG KKL\VAG\VAG-COM 3112 z laptopa\VagCom.exe" -d "C:\Users\user\Instrukcje VAG KKL\VAG\VAG-COM 3112 z laptopa"
Task: {9E38EE20-BE79-44F5-B60F-FCB358474F27} - System32\Tasks\{A132B3F6-BB3A-42C7-9BB5-E7264182E0D0} => C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\VAG-COM\VagCom.exe" -d "C:\Program Files (x86)\VAG-COM"
Task: {B8074196-41D9-4723-9618-ABDD42B992BC} - System32\Tasks\{060908F4-E605-47F0-8AB3-58A46D2A38BD} => C:\windows\system32\pcalua.exe -a C:\Users\user\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor <==== UWAGA
Task: {CA838D7D-291C-4665-A6EE-B4319107F726} - System32\Tasks\{765E170B-00BE-47E9-B174-5958B643586A} => C:\windows\system32\pcalua.exe -a "C:\Users\user\Instrukcje VAG KKL\Sterownik\Sterownik_windows_8.1.exe" -d "C:\Users\user\Instrukcje VAG KKL\Sterownik"
Task: {DCC1CD56-F361-400A-BB8F-147275F3A4A5} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {EA2F0FB4-8043-4F6B-BEFA-1D8BB4BE0064} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3729022659-4076590028-3572547655-1001 -> Brak pliku <==== UWAGA
Task: {F181030A-7695-4B9D-8D60-A0FCA41693F8} - System32\Tasks\{5181B206-BA33-4254-A4B8-18C63E9F0606} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.5.0.102/pl/abandoninstall?page=tsProgressBar
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Tcpip\..\Interfaces\{c5761aa3-53bc-4bc6-97fc-b9bd0c91a513}: [DhcpNameServer] 192.168.100.1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={ECC9726E-21BB-4DF5-AA00-97932FD1903B}&mid=69e5b3768caf47cd9dcff5a5df1eb425-259b902e776cdbd3cffed9d3bfcfb45e7cccfe4a&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0117tb&pr=fr&d=2016-03-12 08:34:23&v=4.3.9.605&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001 -> {C0C086E7-4A26-4AB0-A07E-7A11BB25C393} URL =
BHO: Brak nazwy -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Brak pliku
Toolbar: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001 -> Brak nazwy - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - Brak pliku
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8at0w2m4.default\extensions\faststartff@gmail.com => nie znaleziono
U1 netfilter2; Brak ImagePath
2020-05-01 16:08 - 2020-05-01 16:08 - 000000616 __RSH C:\Users\Rafał\ntuser.pol
2015-09-25 16:47 - 2015-09-25 16:47 - 000000000 _____ () C:\Users\user\AppData\Roaming\gdfw.log
2015-09-25 16:47 - 2015-09-25 16:47 - 000000779 _____ () C:\Users\user\AppData\Roaming\gdscan.log
CustomCLSID: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\amd64\FileSyncShell64.dll => Brak pliku
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
2015-12-01 11:13 - 2015-12-01 11:12 - 000425744 _____ (Lavasoft Limited -> Lavasoft Limited) [Brak podpisu cyfrowego] C:\windows\system32\LavasoftTcpService64.dll
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\download.microsoft.com -> hxxp://download.microsoft.com
IE trusted site: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\download.windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\download.windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\ntservicepack.microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\update.microsoft.com -> hxxp://update.microsoft.com
IE trusted site: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\update.microsoft.com -> hxxps://update.microsoft.com
IE trusted site: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\windows.com -> hxxp://wustat.windows.com
IE trusted site: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com
IE trusted site: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\ws.microsoft.com -> hxxp://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\ws.microsoft.com -> hxxps://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-3729022659-4076590028-3572547655-1001\...\wustat.windows.com -> hxxp://wustat.windows.com
FirewallRules: [TCP Query User{2EE24F3C-55AB-4CB5-A1D6-D30B25B2A0A4}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe Brak pliku
FirewallRules: [UDP Query User{1BF47DE2-D9E5-43FC-84AE-E82E1BE1744B}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe Brak pliku
FirewallRules: [TCP Query User{8EA2AA29-6A83-4E01-B291-CB1B33FDA332}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe Brak pliku
FirewallRules: [{B796FDE7-6B74-4781-B8F3-61AD584E3412}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe Brak pliku
FirewallRules: [{2B2997BB-ED15-4548-9B45-D914B89DE7EB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe Brak pliku
FirewallRules: [{D5D7E32D-5DA2-4FF2-8FD3-8E1D6C0340E6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe Brak pliku
FirewallRules: [{3C9A0B30-A813-4BEB-9777-F8AA9DCFC0B8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe Brak pliku
FirewallRules: [{5ECE0C83-5FF2-41C6-AA68-81E1549EC44B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe Brak pliku
FirewallRules: [{C43840A8-8299-4D1B-AA38-DAA22BA35E79}] => (Allow) LPort=5354
FirewallRules: [{F6074300-08AE-4CB9-AEA4-2693CCB290E5}] => (Allow) LPort=5354
FirewallRules: [{3D4DD6BF-26DA-4AF8-95CF-6F7FE97FE36A}] => (Allow) LPort=5354
FirewallRules: [{CE1EC2E4-F35B-4C12-B084-DF4B45E8D84A}] => (Allow) LPort=5354
FirewallRules: [{CD7BDC46-37CA-4056-B918-4BB9BE31577E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe Brak pliku
FirewallRules: [{C314F567-90AC-4592-944F-3F8785338CC4}] => (Allow) LPort=5354
FirewallRules: [{F6602CC5-9A90-45B0-95F0-00ECED07E3AA}] => (Allow) LPort=5354
FirewallRules: [{F3DEF391-57B0-43B4-B7CA-90CEDFE3CDF0}] => (Allow) LPort=5354
FirewallRules: [{7CC60565-E8CE-4B2D-BA09-542513D75E1C}] => (Allow) LPort=5354
FirewallRules: [{8B90F2C9-6ABF-4634-966C-2604FA6B6991}] => (Allow) LPort=5354
FirewallRules: [{B7F131A1-A2C1-4D20-9F46-EC78DE1CF6FE}] => (Allow) LPort=5354
FirewallRules: [{3735199C-14A9-487A-B700-123220FAC81E}] => (Allow) LPort=5354
FirewallRules: [{D0525536-0ED6-4EB8-A0DF-F442D9AA235D}] => (Allow) LPort=5354
FirewallRules: [{EB572208-5C4C-4DD2-85FD-E26C5424DCF2}] => (Allow) LPort=5354
FirewallRules: [{3818FFEA-D11F-42C9-B004-B0D77B8A0AB7}] => (Allow) LPort=5354
FirewallRules: [{796DE735-1AAE-4589-AF55-5AA04A9D36AA}] => (Allow) LPort=5354
FirewallRules: [{88644280-F03B-438D-BE01-F41F12B6F4FC}] => (Allow) LPort=5354
Winsock: Catalog9-x64 01 C:\windows\system32\LavasoftTcpService64.dll [425744 2015-12-01] (Lavasoft Limited -> Lavasoft Limited) [Brak podpisu cyfrowego]
Winsock: Catalog9-x64 02 C:\windows\system32\LavasoftTcpService64.dll [425744 2015-12-01] (Lavasoft Limited -> Lavasoft Limited) [Brak podpisu cyfrowego]
Winsock: Catalog9-x64 03 C:\windows\system32\LavasoftTcpService64.dll [425744 2015-12-01] (Lavasoft Limited -> Lavasoft Limited) [Brak podpisu cyfrowego]
Winsock: Catalog9-x64 04 C:\windows\system32\LavasoftTcpService64.dll [425744 2015-12-01] (Lavasoft Limited -> Lavasoft Limited) [Brak podpisu cyfrowego]
Winsock: Catalog9-x64 05 C:\windows\system32\LavasoftTcpService64.dll [425744 2015-12-01] (Lavasoft Limited -> Lavasoft Limited) [Brak podpisu cyfrowego]
C:\Windows\SysWOW64\LavasoftTcpService.dll
C:\Windows\system32\LavasoftTcpService64.dll
IE trusted site: HKU\S-1-5-21-3500075029-4168557860-2684222871-1001\...\webcompanion.com -> hxxp://webcompanion.com
CMD: netsh winsock reset catalog
DeleteKey: HKCU\Software\Classes\mssccfile
RemoveProxy:
Hosts: