SystemRestore: On
CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
HKU\S-1-5-21-4148080941-3081196686-3930885294-1000\...\MountPoints2: {45e162a3-8acc-11e5-9843-bc5ff4851863} - "G:\setup.EXE" /AUTORUN
HKU\S-1-5-21-4148080941-3081196686-3930885294-1000\...\MountPoints2: {6bde6a90-a74c-11e5-984b-bc5ff4851863} - "H:\SETUP.EXE"
HKU\S-1-5-21-4148080941-3081196686-3930885294-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [151552 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Task: {027978E5-72F2-4FBD-B65F-3FFF029B8C10} - System32\Tasks\Opera scheduled Autoupdate 1498877283 => C:\Program Files\Opera\launcher.exe [1538584 2020-03-12] (Opera Software AS -> Opera Software)
Task: {03D6195E-F4CF-4E31-83E5-61C9444A14E5} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {061EAA9C-CD0A-4583-94F5-E120641C8C3E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0CE915BF-4382-4475-80C5-9D9AF7A89F21} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0F74D4DC-544A-45FB-83BB-08F568002529} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {12FF7214-2801-4944-B7F0-641737C2DA7E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
Task: {1344C3B7-D90C-4C81-B1E5-67674B6ED3B1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {14C1942F-967D-491A-9C0D-DD360476DCAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {15B8094B-5553-4645-9324-482CA4A81AB9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
Task: {21AB2252-6BC5-4524-95A5-808CE26984DE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2D2634B7-81F6-498D-8EB1-7488C11845D6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
Task: {390FA5BE-8E1B-41CA-B3D1-D3AD4E62BC9E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {47F5F32D-A7F3-4DFB-A3B4-2825F867CEFE} - System32\Tasks\{08E60238-CFC4-419A-AB4E-1BAFEB346E38} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.6.0.106&LastError=404
Task: {4DEE162C-D917-438A-8123-2454D3DC19FB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {5688A8A3-FF3B-4FCE-8AA5-A64F368165A5} - System32\Tasks\{26C2BF42-12C9-4873-B948-EE51E4A0FD10} => C:\WINDOWS\system32\pcalua.exe -a D:\GRY\Freelancer\EXE\Freelancer.exe -d D:\GRY\Freelancer\exe
Task: {58C51C9E-BAC2-4918-9621-0D55F85FE316} - System32\Tasks\Opera scheduled assistant Autoupdate 1582867404 => C:\Program Files\Opera\launcher.exe [1538584 2020-03-12] (Opera Software AS -> Opera Software)
Task: {5FAD5DA2-D5D9-4196-9471-98088908EED8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
Task: {62F4884D-31EB-4A9B-8483-502F1922FC50} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {650EA04C-893A-4069-BE5E-51284A4FF139} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65598AC3-4811-4704-AC6E-FE240CEB2509} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {6F2CF305-0DC1-4E61-BC37-41CFFBA9EC28} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
Task: {90CA7E7E-84C0-410B-96C5-FBEC29D631F3} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {91CD5952-9F71-4EDE-83C7-6620C189F89A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9D0EC07A-9DAF-4FD6-BC7F-16D0DC865F88} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B1590F62-53E5-4704-8E1A-1E1070F988A6} - System32\Tasks\TinyTakeUpgrade => C:\Users\Paweł Kęska\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe
Task: {B297311B-8B65-47F7-B919-E9F79A37111F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {BE6B4686-1B75-4309-80C2-6C86492E5FD2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {BF60AB92-798B-4664-A54B-76C8DE4A34F9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C9E184C1-59AD-4E1C-B023-00964778FC99} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CA1BD8EF-9F3A-48A3-8BCB-5A7E56FBD4D6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {CAAB3827-B375-4676-9D8F-A6618F567A8B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CF69D95E-CFEF-4FAA-84C1-D602151CB792} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
Task: {D8DD949A-E3FF-489A-8C33-7690494421A9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {DBA58880-3711-4F75-BF3A-56AA2163A316} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {E4EB241D-2C56-4B49-A90B-4D031336C8EE} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E6115F57-BF81-44A3-9C06-4DAF00F10EAA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: {E6593585-AF1D-4081-A567-62B9C2E11E74} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
Task: {ED00C97C-FACE-4FBF-853B-E074614177D9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
Task: {F9A45AF6-553E-4619-812C-9359D353EBF4} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FAB8BFE9-12DB-4291-9D67-0D3A6BB6A28F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1660520 2020-02-28] (Avast Software s.r.o. -> Avast Software)
Task: {FE2E4836-21E0-4B6D-B68D-7E0D7BD78E4D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FFEB874B-E08D-4CD6-8602-F10231170FBB} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Tcpip\..\Interfaces\{37c1108d-47e5-4691-89b3-15941db5e83f}: [DhcpNameServer] 62.179.1.63 62.179.1.62
Tcpip\..\Interfaces\{b6d171f9-f153-464a-a95b-c21564a2684b}: [DhcpNameServer] 172.20.10.1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
Handler: mso-minsb-roaming.16 - Brak wartości CLSID
Handler: mso-minsb.16 - Brak wartości CLSID
Handler: osf-roaming.16 - Brak wartości CLSID
Handler: osf.16 - Brak wartości CLSID
Filter: text/xml - Brak wartości CLSID
FF NewTab: Mozilla\Firefox\Profiles\lodtuugm.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10437__190303
FF NetworkProxy: Mozilla\Firefox\Profiles\lodtuugm.default -> type", 0
CHR HKU\S-1-5-21-4148080941-3081196686-3930885294-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] -
R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [301056 2015-07-24] (MDL Forum, mod by Ratiborus) [Brak podpisu cyfrowego]
U3 idsvc; Brak ImagePath
S3 WinRing0_1_2_0; \??\C:\Users\Paweł Kęska\AppData\Local\Temp\tmpAE86.tmp [X] <==== UWAGA
2020-03-20 00:23 - 2020-03-20 00:37 - 000000000 ____D C:\Program Files\1WK4ABH4N7
2020-03-20 00:17 - 2020-03-20 00:17 - 000000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2020-03-20 00:17 - 2020-03-20 00:17 - 000000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2020-03-20 00:15 - 2020-03-20 00:18 - 000000000 ____D C:\Program Files (x86)\Sir
2020-03-20 00:15 - 2020-03-19 21:02 - 001769472 _____ C:\Users\Paweł Kęska\AppData\LocalLow\IDCdJOyapn
2020-03-20 00:14 - 2020-03-20 16:17 - 000003508 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1582867404
2020-03-20 00:14 - 2020-03-20 00:24 - 000000000 ____D C:\Program Files (x86)\Render
2020-03-20 00:14 - 2020-03-20 00:18 - 000000000 ____D C:\Program Files\ISYUL1Q5HF
2020-03-20 00:12 - 2020-03-20 00:18 - 000000000 ____D C:\Program Files (x86)\KMSPico 10.2.1 Final
2020-03-19 18:08 - 2020-03-19 18:08 - 000000000 ____D C:\Users\Paweł Kęska\Downloads\KMSAuto-Net
2020-03-19 18:07 - 2020-03-19 18:07 - 011237526 _____ C:\Users\Paweł Kęska\Downloads\KMSAuto-Net.zip
2020-03-19 17:54 - 2020-03-19 17:59 - 000000000 ____D C:\ProgramData\KMSAuto
Rocket Arena 3 1.75 (remove only) (HKLM-x32\...\RA3) (Version: - ) <==== UWAGA
CustomCLSID: HKU\S-1-5-21-4148080941-3081196686-3930885294-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:/Users/Paweł Kęska/AppData/Local/Microsoft/Windows Sidebar/Gadgets/All_CPU_Meter.gadget/CoreTempReader.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-4148080941-3081196686-3930885294-1000_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:/Users/Paweł Kęska/AppData/Local/Microsoft/Windows Sidebar/Gadgets/GPU_Meter.gadget/GPUStatusReader.dll => Brak pliku
HKU\S-1-5-21-4148080941-3081196686-3930885294-1000\...\StartupApproved\Run: => "TinyTake by MangoApps"
FirewallRules: [{193133E4-6564-4408-BEF3-DA0979B2B5D8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe Brak pliku
FirewallRules: [{15F32667-C9E2-4102-B986-254DD66E08A2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe Brak pliku
RemoveProxy:
CMD: ipconfig /flushdns
HOSTS: