CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\Policies\Explorer: [NoSecurityTab] 1
GroupPolicy: Ograniczenia ? <==== UWAGA
GroupPolicy\User: Ograniczenia ? <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
Task: {3D28B182-45AA-4523-BDA0-B72AFBC906AE} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\8.4.0\Scheduler.exe [156696 2021-03-29] (IObit CO., LTD -> IObit)
Task: {763C037E-B8F3-465E-BE56-4CEF15870843} - \Microsoft\Windows\Google\GoogleUpdateTaskMachineRO -> Brak pliku <==== UWAGA
Task: {7FAEEBCC-E25D-4720-96EA-3F7E3BF84099} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\8.4.0\AutoUpdate.exe [2285592 2021-03-31] (IObit CO., LTD -> IObit)
Task: {BCCC1D77-8655-4560-AE01-C0BA40BE4A11} - System32\Tasks\Software Updater SkipUAC(Konrad Paluszek) => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4513224 2021-01-19] (IObit Information Technology -> IObit) <==== UWAGA
Task: {D307B2B6-3007-4C03-892B-A38FD0BC2F5A} - System32\Tasks\Driver Booster SkipUAC (Konrad Paluszek) => C:\Program Files (x86)\IObit\Driver Booster\8.4.0\DriverBooster.exe [8242200 2021-04-02] (IObit CO., LTD -> IObit) [Brak podpisu cyfrowego]
Task: {D58126C7-0B57-4E8E-B505-BFFC5C723437} - System32\Tasks\Software Updater Scheduler => C:\Program Files (x86)\IObit\Software Updater\SUInit.exe [1789200 2020-06-30] (IObit Information Technology -> IObit Software updater) <==== UWAGA
Task: {FF08C86E-A9C1-4A55-9D52-04D4080FEC0F} - System32\Tasks\Odkurzacz => C:\Program Files (x86)\Odkurzacz\odkurzacz.exe [1069056 2019-05-21] (FranmoSoftware) [Brak podpisu cyfrowego]
Tcpip\..\Interfaces\{aabbd025-2153-4bab-84b5-034d1d2538df}: [NameServer] 194.204.152.34,194.204.159.1
Tcpip\..\Interfaces\{aabbd025-2153-4bab-84b5-034d1d2538df}: [DhcpNameServer] 192.168.1.1
FF Plugin HKU\S-1-5-21-1885980802-37223428-1519408807-500: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark\nplightsparkplugin.dll [Brak pliku]
CHR DefaultSearchURL: Default -> hxxps://search.videodownloaderpremium.com/query?q={searchTerms}&v=1.0.3.2
CHR DefaultSearchKeyword: Default -> Videodownloaderpremium
CHR DefaultSuggestURL: Default -> hxxps://search.videodownloaderpremium.com/suggestion?q={searchTerms}
S3 libusb0; system32\drivers\libusb0.sys [X]
2021-04-11 07:55 - 2021-04-11 08:02 - 000000151 _____ C:\WINDOWS\restoro.ini
2021-04-11 07:44 - 2021-04-11 11:16 - 000000140 _____ C:\WINDOWS\Reimage.ini
2021-04-10 15:21 - 2021-04-10 15:21 - 000000008 __RSH C:\ProgramData\ntuser.pol
2020-03-18 11:31 - 2020-03-18 11:32 - 001564784 _____ () C:\Users\Administrator\AppData\Roaming\AvidApplicationManager_Install.log
2019-05-21 12:14 - 2019-05-21 12:14 - 000230590 _____ () C:\Users\Administrator\AppData\Roaming\AvidLicenseControl_Install.log
2020-08-13 20:38 - 2020-08-18 08:23 - 000001042 _____ () C:\Users\Administrator\AppData\Roaming\coreavc.ini
2019-05-21 12:31 - 2019-05-21 12:31 - 000099384 _____ () C:\Users\Administrator\AppData\Roaming\inst.exe
2019-05-21 12:31 - 2019-05-21 12:31 - 000007859 _____ () C:\Users\Administrator\AppData\Roaming\pcouffin.cat
2019-05-21 12:31 - 2019-05-21 12:31 - 000001167 _____ () C:\Users\Administrator\AppData\Roaming\pcouffin.inf
2019-05-21 12:31 - 2019-05-21 12:31 - 000082816 _____ (VSO Software) C:\Users\Administrator\AppData\Roaming\pcouffin.sys
2020-02-24 19:09 - 2021-02-28 18:32 - 000003584 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-05-23 19:23 - 2019-05-23 19:23 - 000000000 _____ () C:\Users\Administrator\AppData\Local\oobelibMkey.log
2019-10-02 08:43 - 2019-10-02 08:43 - 000000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
FCheck: C:\WINDOWS\SysWOW64\mp4norm.dll [2021-04-10] <==== UWAGA (zerobajtowy plik/folder)
AlternateDataStreams: C:\WINDOWS\SysWOW64\mp4norm.dll:ExtraData [15]
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [127]
HKU\S-1-5-21-1885980802-37223428-1519408807-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.o2.pl/
IE trusted site: HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\download.microsoft.com -> hxxp://download.microsoft.com
IE trusted site: HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\download.windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\download.windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\ntservicepack.microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\update.microsoft.com -> hxxp://update.microsoft.com
IE trusted site: HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\update.microsoft.com -> hxxps://update.microsoft.com
IE trusted site: HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\windows.com -> hxxp://wustat.windows.com
IE trusted site: HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com
IE trusted site: HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\ws.microsoft.com -> hxxp://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\ws.microsoft.com -> hxxps://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-1885980802-37223428-1519408807-500\...\wustat.windows.com -> hxxp://wustat.windows.com
RemoveProxy:
Hosts:
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc]
"Start"=dword:00000002
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
  00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpsdrv\Enum]
"0"="Root\\LEGACY_MPSDRV\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
EndRegedit:
CMD: sc config wuauserv start= delayed-auto