CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2514293450-2326734010-592155787-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2514293450-2326734010-592155787-1000\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-2514293450-2326734010-592155787-1000\...\MountPoints2: J - J:\LaunchU3.exe -a
HKU\S-1-5-21-2514293450-2326734010-592155787-1000\...\MountPoints2: {151955bc-5f54-11e3-af90-6cf0497f5eb9} - H:\Setup.exe
HKU\S-1-5-21-2514293450-2326734010-592155787-1000\...\MountPoints2: {2cc0a09e-1c10-11e2-a2e8-6cf0497f5eb9} - H:\Setup.exe
HKU\S-1-5-21-2514293450-2326734010-592155787-1000\...\MountPoints2: {4f9c4c78-f05f-11e1-ac38-6cf0497f5eb9} - H:\Setup.exe
HKU\S-1-5-21-2514293450-2326734010-592155787-1000\...\MountPoints2: {64ebc731-8701-11e1-b0c3-6cf0497f5eb9} - H:\Startme.exe
HKU\S-1-5-21-2514293450-2326734010-592155787-1000\...\MountPoints2: {7991f701-5333-11e1-8c70-6cf0497f5eb9} - H:\AutoRun.exe
HKU\S-1-5-21-2514293450-2326734010-592155787-1000\...\MountPoints2: {7991f706-5333-11e1-8c70-6cf0497f5eb9} - H:\AutoRun.exe
HKU\S-1-5-21-2514293450-2326734010-592155787-1000\...\MountPoints2: {81a544a1-4c85-11e0-a40f-6cf0497f5eb9} - H:\LaunchU3.exe -a
HKU\S-1-5-21-2514293450-2326734010-592155787-1000\...\MountPoints2: {b11696d2-2c1f-11e2-9225-6cf0497f5eb9} - H:\Setup.exe
HKU\S-1-5-21-2514293450-2326734010-592155787-1000\...\MountPoints2: {b19d6064-ce50-11e1-bf21-6cf0497f5eb9} - H:\Setup.exe
AppInit_DLLs: C:\ProgramData\Quoteex\Alpha-Warm.dll => No File
AppInit_DLLs-x32: C:\ProgramData\Quoteex\Ventoranla.dll => No File
BootExecute: autocheck autochk * icarus_rvrt.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {08AD0C09-48A1-4044-82D6-A97797AE2CA6} - System32\Tasks\{22ABCC73-BA62-405A-9135-60070EB27A4D} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.10.0.116/pl/abandoninstall?page=tsProgressBar
Task: {153532A4-A42F-4074-8CAF-57B2017545DC} - System32\Tasks\{7B4FF4FA-24E8-4CBA-8401-7D061BBE0BAF} => C:\Windows\system32\pcalua.exe -a G:\setup.exe -d G:\ -c /autorun
Task: {1FEB64D9-A6D6-480D-92A1-30BC0029F3E3} - System32\Tasks\{B0E0A54D-E98D-4367-9B4B-D27DADE44750} => C:\Windows\system32\pcalua.exe -a D:\pobrane\Internet\FacebookGameroom(1).exe -d D:\pobrane\Internet
Task: {3069F7D1-D478-44B0-A99C-FE42EFBFBE43} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2514293450-2326734010-592155787-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {30DD776B-FB20-4F69-A155-5402479CA839} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [6977272 2015-08-10] (Ratiborus MSFree Inc. -> MSFree Inc.) [File not signed]
Task: {33F4C9B6-C737-4203-8284-BF0C396A5963} - System32\Tasks\R@1n-KMS\Office14ProPlus => wmic path OfficeSoftwareProtectionProduct where (ID="6f327760-8c5c-417c-9b61-836a98287e0c") call Activate
Task: {3E0EF5B6-4D6D-49D4-BC56-8D94F90BFD27} - System32\Tasks\Update Manager => C:\Users\Tom\AppData\Roaming\Warhammer.40K.Sanctus.Reach-ALI213\Upgrade.exe
Task: {3EB886F2-5F08-4530-9319-527DDA8182CC} - System32\Tasks\{42EA116E-EF51-4EB9-8F6C-F6BB117A87B6} => C:\Windows\system32\pcalua.exe -a D:\pobrane\Internet\32bit_Win7_Win8_Win81_R272.exe -d D:\pobrane\Internet
Task: {433E95E0-0F57-4DE2-85BB-D21DDFB059B3} - System32\Tasks\{B765B0E1-C005-440B-AD74-5AD1F0A71570} => C:\Windows\system32\pcalua.exe -a D:\pobrane\Internet\FacebookGameroom.exe -d D:\pobrane\Internet
Task: {5DD3C2F6-3C5B-44AF-9B3B-9FD5F7AD6250} - System32\Tasks\{ECE156F6-ED11-4343-A901-1F2577BCD7D5} => C:\Windows\system32\pcalua.exe -a D:\pobrane\Internet\dxwebsetup(1).exe -d D:\pobrane\Internet
Task: {616EB4EA-3A35-4DB5-8127-5D62451664A4} - System32\Tasks\{DAAD27AE-7784-46D3-81FF-DB910346FF9F} => C:\Windows\system32\pcalua.exe -a "F:\gry\lol\League of Legends\Riot Games\Riot Client\RiotClientServices.exe" -c --uninstall-product=bacon --uninstall-patchline=live
Task: {6220FFF7-6F30-4591-8A30-C48E53F620EC} - \VHDezYAiMmhSpjSVJ2 -> No File <==== ATTENTION
Task: {845CE649-D0CC-4851-828A-2CE91BE2513F} - System32\Tasks\{0544B608-D9BC-4103-B32C-02E39571AA15} => C:\Windows\system32\pcalua.exe -a D:\pobrane\Internet\266.58_desktop_win7_winvista_64bit_international_whql.exe -d D:\pobrane\Internet
Task: {8D04F7CD-61D0-4A8C-AD71-EB8721CD0146} - System32\Tasks\{7E8279DA-C43B-4DCA-A9F8-FF170BF119CA} => E:\Gry\NBA 2K16\NBA2K16.exe
Task: {A3FCE3AC-E435-41D1-BE72-5825E2BFDBFC} - System32\Tasks\{C34B3741-8CE6-4883-A8B9-AD0A5D827418} => F:\gry\South PArk\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
Task: {BCD3B5EC-54F9-4FB7-A1C7-887804813DD8} - System32\Tasks\{6D22036A-F9F1-46CE-ACC0-6CBAD19591E4} => E:\Gry\NBA 2K16\NBA2K16.exe
Task: {C166D52B-F52F-49C1-B89E-038EDCE845A9} - \{7A0E7D47-0A7E-0505-7811-0B0F0E0E1109} -> No File <==== ATTENTION
Task: {C37F9DD8-6586-4EF8-A5DE-C00C892AEACC} - \RjugMwUzTsQQHAQNApl2 -> No File <==== ATTENTION
Task: {C74EEC69-F9E0-447E-BFCD-52FB51D8C520} - System32\Tasks\{30905005-600C-48F2-8A61-D8CA4291A353} => F:\gry\South PArk\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
Task: {C9908EBC-E9F7-40DF-8C43-24D07955E7EA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {D02C521A-06B7-454D-BD88-0F4669CE0376} - System32\Tasks\{A15EB195-A810-405B-9379-9E239218EE52} => C:\Windows\system32\pcalua.exe -a D:\pobrane\Internet\FacebookGameroom(2).exe -d D:\pobrane\Internet
Task: {D220BCFE-442F-42DC-AC9F-A916B56D4AB0} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2431816 2019-08-18] (Overwolf Ltd -> Overwolf LTD)
Task: {D26B423E-91CD-4C90-B2D4-8D15A6EECB24} - System32\Tasks\{C5458C7B-762C-46ED-A685-291BCB04A15A} => C:\Windows\system32\pcalua.exe -a D:\pobrane\Internet\dxwebsetup(3).exe -d D:\pobrane\Internet
Task: {D2D2C51C-5AC7-4692-8DF0-8ACF89F57CF3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E01DE920-5F57-44B8-BF94-D16ABEFBE964} - System32\Tasks\{3AF91EB6-69BA-4EBF-AC15-8AC31ECE61D9} => F:\gry\FIFA 19 DEMO\FIFA19_demo.exe [287357248 2018-08-17] (Electronic Arts, Inc. -> Electronic Arts)
Task: {E072A89E-7F58-4E8F-BC99-562607EA939F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2514293450-2326734010-592155787-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E2EE9226-6268-448D-BF16-7FCA446178C3} - System32\Tasks\{A9AB63B5-76DA-4871-8979-B3CE157EBBB0} => C:\Windows\system32\pcalua.exe -a "D:\pobrane\Internet\DDU v18.0.0.2\Display Driver Uninstaller.exe" -d "D:\pobrane\Internet\DDU v18.0.0.2"
Task: {F405BFF4-E65E-40A6-A569-E61CEA5EC191} - System32\Tasks\{C5D40E52-BECF-4035-8ACA-FF21F725F2FE} => F:\gry\South PArk\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
Task: {F5A40601-927D-44E8-8832-3CB634320D13} - \Bidaily Synchronize Task[pr] -> No File <==== ATTENTION
Task: {F7ADD63E-130B-4030-959F-028B7E34FFE2} - \bVyBIwMCwVjnlcc2 -> No File <==== ATTENTION
Task: {FA35FDA2-87ED-4B08-A496-8F134208931D} - System32\Tasks\{3E60EA50-333F-44AE-853B-627C28FFA922} => C:\Windows\system32\pcalua.exe -a C:\Users\Tom\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=obw
Task: {FD28326F-1B53-4FE7-B719-23D4610110ED} - System32\Tasks\{5563A490-E2C8-133B-BFB8-56FDB8705E8B} => C:\ProgramData\{B54B60FD-02E0-D756-6BA4-197E58BDF440}\31593602-86F2-81A9-4EDD-EB028BBE9735.exe <==== ATTENTION
Tcpip\..\Interfaces\{0CA12336-5BC2-4B85-9C21-973DF080F6DA}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0CA12336-5BC2-4B85-9C21-973DF080F6DA}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0EC7472A-1526-45ED-88A9-1C336E32BEDD}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6EEF00C7-8D17-463E-8677-515B37C58EBC}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{B8654BC9-666F-4D42-BA75-7338B36EE440}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{DB4045F2-E469-4B39-855E-496BBC9309EF}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{DB4045F2-E469-4B39-855E-496BBC9309EF}: [DhcpNameServer] 8.8.8.8
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2514293450-2326734010-592155787-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ5I8wJfgNRVgG42R7HeFIkBqaUnZmSorL6e8OBeWXk8IAlcBDDN_mi0Vs4ZuPjzgUzckJa_h5lEVkqScmAgSIS8FNDWtpdp1oszMRpgJV3GYM752gd4MYP5NK9mKV5glk99JBJF1j7vQjLq5BLluGH_OA,&q={searchTerms}
HKU\S-1-5-21-2514293450-2326734010-592155787-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://feed.helperbar.com/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ5I8wJfgNRVgG42R7HeFIkBqaUnZmSorL6e8OBeWXk8IAlcBDDN_mi0Vs4ZuPjzgU_VW6fMEXKb-VFzrc5GxIiG63qRpYtF6yo0Fq5LpGnPIdjrCGN-awot90-Q9rLjTTsnXyzZadzscQ2g1rp90kgVgY,
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2514293450-2326734010-592155787-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2514293450-2326734010-592155787-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://pl.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10420__180531__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2514293450-2326734010-592155787-1000 -> {C458B410-C0DF-435F-96D2-FDCB5D3F6316} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2514293450-2326734010-592155787-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\cfg [2015-05-27] <==== ATTENTION
CHR HomePage: Default -> hxxp://www.gazeta.pl/0,0.html?p=190
CHR StartupUrls: Default -> "hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190"
OPR StartupUrls: "hxxp://www.gazeta.pl/0,0.html?p=188"
S0 amdkmafd; system32\DRIVERS\amdkmafd.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2020-06-23 20:19 - 2019-07-12 23:53 - 000003734 _____ C:\Windows\system32\Tasks\KMSAutoNet
2020-06-15 10:02 - 2019-07-12 23:53 - 000000000 ____D C:\ProgramData\KMSAutoS
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers4: [Convert] -> {9f95ca1a-e80e-4c0f-acd1-4c9b7900b982} => -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
FirewallRules: [{CF4A265F-641B-41BF-86A4-47BA9513ED3C}] => (Allow) LPort=1542
FirewallRules: [{8A8F30A8-A451-45D0-AB68-6307B699C141}] => (Allow) LPort=1542
FirewallRules: [{57FDD465-B516-40E5-8E5F-FA98C3FA626F}] => (Allow) LPort=53
FirewallRules: [{0FB9ACFB-F5D8-47D4-9020-2EC2BFB87EAA}] => (Allow) C:\Windows\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2E618E38-A63F-4D86-B894-FE49946801DD}] => (Allow) C:\Windows\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D8D6CC82-3B56-413F-885C-2C2EFA747497}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
FirewallRules: [{CA647BCD-4E5F-4DD6-84B1-E50435EB0511}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
Hosts:
RemoveProxy: