CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-4111564225-2441505280-3832451587-1001\...\Run: [Chromium] => "c:\users\pati_\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-4111564225-2441505280-3832451587-1001\...\Run: [GoogleChromeAutoLaunch_B5492418FA27518FCB5EFE897D445984] => "C:\Users\pati_\AppData\Local\chromium\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-4111564225-2441505280-3832451587-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2021-03-16]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (Brak pliku)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Task: {1B504122-15C8-4EBF-A621-4B126B65E7C5} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1822976 2021-02-23] (AVG Technologies USA, LLC -> AVG Technologies)
"C:\Windows\System32\Tasks\Chromium tatem" nie został odblokowany. <==== UWAGA
Task: {98157223-DC1B-4C9C-B7F6-1EFDA3DCE9C1} - System32\Tasks\Chromium tatem
Task: {98651CD4-09C8-4766-8BCE-A4D3AA03F559} - System32\Tasks\Opera scheduled Autoupdate 1514205436 => C:\Users\pati_\AppData\Local\Programs\Opera\launcher.exe
Task: {B02EDA02-F81F-4B5A-B9D6-226D2E474446} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software)
Task: C:\WINDOWS\Tasks\Chromium tatem.job => Wscript.exe C:\ProgramData\{B48871EB-3ECA-FB2D-B80C-656F224EEEA1}\fado.txt <==== UWAGA
Tcpip\..\Interfaces\{4fe31f74-9f16-4226-ace9-09d741857f27}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ce7bf9b2-914a-48d3-8191-1521803e6034}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d88a4f49-c998-4b67-ad59-b254b7029a55}: [DhcpNameServer] 172.20.10.1
Edge HomeButtonPage: HKU\S-1-5-21-4111564225-2441505280-3832451587-1001 -> hxxp://www.global-pl.com/
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [Brak pliku]
CHR StartupUrls: Default -> "hxxp://www.global-pl.com/"
2018-05-20 12:02 - 2019-06-17 21:46 - 000000319 _____ () C:\Users\pati_\AppData\Roaming\WB.CFG
2019-02-24 14:25 - 2019-02-24 14:25 - 000000000 _____ () C:\Users\pati_\AppData\Local\BIT6EF6.tmp
2018-01-06 14:22 - 2018-01-09 18:32 - 000000052 _____ () C:\Users\pati_\AppData\Local\xhRvfPtdNr
2019-05-17 17:13 - 2019-05-17 17:13 - 000000000 _____ () C:\Users\pati_\AppData\Local\{8E5398EE-7AB9-48AB-BC13-5EC0327B8A7D}
CustomCLSID: HKU\S-1-5-21-4111564225-2441505280-3832451587-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\pati_\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => Brak pliku
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_18_48_jny_soverj_00_00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0EtB0DtAtA0CyByD0D0A0E0CtA0DtN0D0TzutN1L2XzuyEtFtAtBtFtDtFtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyCzz1R1P1QtA1QtGtB1P1Q1OtGyEtC1P1OtGzy1TtA1OtGyCtC1OtDzyyBtD1P1TyD1QyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0CyCyDtC0Fzz0AtGtDyB0EtAtGyEzytA0DtGzzzytDzytGyDzz0FtCtCyCzy0AtB0F0AtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1Rzu%26cr%3D1916465631%26a%3Dhdr_s_18_48_jny_soverj_00_00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-4111564225-2441505280-3832451587-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-4111564225-2441505280-3832451587-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171101&iDate=2020-03-29 05:10:33&bName=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_18_48_jny_soverj_00_00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0EtB0DtAtA0CyByD0D0A0E0CtA0DtN0D0TzutN1L2XzuyEtFtAtBtFtDtFtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyCzz1R1P1QtA1QtGtB1P1Q1OtGyEtC1P1OtGzy1TtA1OtGyCtC1OtDzyyBtD1P1TyD1QyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0CyCyDtC0Fzz0AtGtDyB0EtAtGyEzytA0DtGzzzytDzytGyDzz0FtCtCyCzy0AtB0F0AtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1Rzu%26cr%3D1916465631%26a%3Dhdr_s_18_48_jny_soverj_00_00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_18_48_jny_soverj_00_00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0EtB0DtAtA0CyByD0D0A0E0CtA0DtN0D0TzutN1L2XzuyEtFtAtBtFtDtFtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyCzz1R1P1QtA1QtGtB1P1Q1OtGyEtC1P1OtGzy1TtA1OtGyCtC1OtDzyyBtD1P1TyD1QyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0CyCyDtC0Fzz0AtGtDyB0EtAtGyEzytA0DtGzzzytDzytGyDzz0FtCtCyCzy0AtB0F0AtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1Rzu%26cr%3D1916465631%26a%3Dhdr_s_18_48_jny_soverj_00_00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {DE86EBDF-85F9-493F-9680-BE7BB7D70DF8} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_18_48_jny_soverj_00_00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0EtB0DtAtA0CyByD0D0A0E0CtA0DtN0D0TzutN1L2XzuyEtFtAtBtFtDtFtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyCzz1R1P1QtA1QtGtB1P1Q1OtGyEtC1P1OtGzy1TtA1OtGyCtC1OtDzyyBtD1P1TyD1QyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0CyCyDtC0Fzz0AtGtDyB0EtAtGyEzytA0DtGzzzytDzytGyDzz0FtCtCyCzy0AtB0F0AtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1Rzu%26cr%3D1916465631%26a%3Dhdr_s_18_48_jny_soverj_00_00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_18_48_jny_soverj_00_00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0EtB0DtAtA0CyByD0D0A0E0CtA0DtN0D0TzutN1L2XzuyEtFtAtBtFtDtFtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyCzz1R1P1QtA1QtGtB1P1Q1OtGyEtC1P1OtGzy1TtA1OtGyCtC1OtDzyyBtD1P1TyD1QyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0CyCyDtC0Fzz0AtGtDyB0EtAtGyEzytA0DtGzzzytDzytGyDzz0FtCtCyCzy0AtB0F0AtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1Rzu%26cr%3D1916465631%26a%3Dhdr_s_18_48_jny_soverj_00_00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {DE86EBDF-85F9-493F-9680-BE7BB7D70DF8} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4111564225-2441505280-3832451587-1001 -> DefaultScope {BF61237C-1EAC-454C-B624-BB80E7E481D8} URL = hxxp://www.global-pl.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4111564225-2441505280-3832451587-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_18_48_jny_soverj_00_00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0EtB0DtAtA0CyByD0D0A0E0CtA0DtN0D0TzutN1L2XzuyEtFtAtBtFtDtFtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyCzz1R1P1QtA1QtGtB1P1Q1OtGyEtC1P1OtGzy1TtA1OtGyCtC1OtDzyyBtD1P1TyD1QyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0CyCyDtC0Fzz0AtGtDyB0EtAtGyEzytA0DtGzzzytDzytGyDzz0FtCtCyCzy0AtB0F0AtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1Rzu%26cr%3D1916465631%26a%3Dhdr_s_18_48_jny_soverj_00_00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4111564225-2441505280-3832451587-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4111564225-2441505280-3832451587-1001 -> {BF61237C-1EAC-454C-B624-BB80E7E481D8} URL = hxxp://www.global-pl.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4111564225-2441505280-3832451587-1001 -> {DE86EBDF-85F9-493F-9680-BE7BB7D70DF8} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll Brak pliku
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-4111564225-2441505280-3832451587-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-4111564225-2441505280-3832451587-1001\...\StartupApproved\Run: => "Web Companion"
FirewallRules: [{DAD2FD7D-58FB-4D87-8DD2-7AC1D4C5EF18}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Brak pliku
FirewallRules: [{080C8E36-60BE-414D-89FD-268EDBBBF6A3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Brak pliku
FirewallRules: [{79B2DD67-B578-419D-A2D4-91FD6C9BBE36}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Brak pliku
FirewallRules: [{24887DC5-8350-4080-BAA8-FEA6A5FD1630}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Brak pliku
FirewallRules: [UDP Query User{3029B169-EFB7-4F60-A124-826B7F54E8B1}C:\users\pati_\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\pati_\appdata\roaming\utorrent web\utweb.exe => Brak pliku
FirewallRules: [TCP Query User{BF09DAE9-0F4B-4912-B51B-D2DA6C5A0545}C:\users\pati_\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\pati_\appdata\roaming\utorrent web\utweb.exe => Brak pliku
FirewallRules: [{B4A98538-A3A9-4F73-9F64-28D1906CA911}] => (Allow) C:\Users\pati_\AppData\Local\Programs\Opera\52.0.2871.40\opera.exe => Brak pliku
FirewallRules: [{4FDFE447-332A-485C-AEC1-3C6245155994}] => (Allow) C:\Users\pati_\AppData\Local\Programs\Opera\51.0.2830.55\opera.exe => Brak pliku
FirewallRules: [{87070CB9-C94B-4EE2-801B-1CD5FA0515C3}] => (Allow) LPort=13148
FirewallRules: [{5EEE5996-3453-4827-AAB0-5E2D655CAB29}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe => Brak pliku
FirewallRules: [{6B247683-D743-4FC7-BB93-3C823083F27C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => Brak pliku
FirewallRules: [{0A471C7F-624B-4BDC-A8C1-D8C1112D32E1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => Brak pliku
FirewallRules: [{FB46B7DD-2267-494D-9E6A-6982A2213BDE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => Brak pliku
FirewallRules: [{F8F36016-9E4F-4B57-9AFB-5C3302B2FFB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => Brak pliku
FirewallRules: [{0BCC9771-6A96-452E-8095-E15BEBF80D74}] => (Allow) C:\Users\pati_\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [Brak podpisu cyfrowego]
FirewallRules: [{767505BB-3F7A-43A2-B3C0-0CD5CBAE0A59}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => Brak pliku
FirewallRules: [{77C123EE-3870-499F-A413-BB116F2ABC35}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => Brak pliku
FirewallRules: [{63591F09-341F-4814-8907-58EB75001130}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe => Brak pliku
FirewallRules: [{7A7B4EA8-D3D0-493E-BF28-12BFE1B63376}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe => Brak pliku
FirewallRules: [{A28F6B9A-9E82-42BE-BD79-80B9D4FE800F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe => Brak pliku
FirewallRules: [{2EA046C8-CBA0-480E-BDA1-7B8243C53803}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe => Brak pliku
FirewallRules: [{ADF2746F-7A4D-4681-A363-A7202FF1AD5E}] => (Allow) C:\Ross-Tech\VCDS\VCDS.EXE => Brak pliku
RemoveProxy:
Hosts: