SystemRestore: On
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
CMD: sc stop ajctcliu
CMD: sc delete ajctcliu
HKU\S-1-5-21-1255634179-2396725886-1912766959-1000\...\Run: [IZCUM9IOPE2GC6N] => "C:\Program Files\KAIONC73JZ\KAIONC73J.exe"
HKU\S-1-5-21-1255634179-2396725886-1912766959-1000\...\Run: [CK9Z7ZFLXT5O0O3] => "C:\Program Files\1SMRTA9N0I\1SMRTA9N0.exe"
HKU\S-1-5-21-1255634179-2396725886-1912766959-1000\...\Run: [UQTLPI0CT1FUMEK] => "C:\Program Files\MUBU4WHI2J\MUBU4WHI2.exe"
C:\Program Files\KAIONC73JZ
C:\Program Files\1SMRTA9N0I
C:\Program Files\MUBU4WHI2J
HKLM\...\Windows NT x86\Print Processors\OneNotePrint2007: C:\Windows\System32\spool\prtprocs\W32X86\msonpppr.dll [33104 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\Send To Microsoft OneNote Monitor: C:\Windows\system32\msonpmon.dll [32592 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Task: {32B121C6-780A-4618-86BC-3ED91360609F} - System32\Tasks\Opera scheduled assistant Autoupdate 1590073492 => D:\Programy\Opera\launcher.exe
Task: {79543B37-B3D1-4D70-B150-2F076B8AD429} - System32\Tasks\Opera scheduled Autoupdate 1445710948 => D:\Programy\Opera\launcher.exe
Task: {B8C3A593-F904-454C-BE57-24096EB3F43C} - System32\Tasks\{A1970F9F-AC70-4A37-91BD-80F4BA520E6D} => C:\Windows\system32\pcalua.exe -a "D:\Program Files\Gry.!\Strzelanki\CS1.6_v32_by_Lukasz\CS1.6_v32 - by -=Lukasz=-.exe" -d "D:\Program Files\Gry.!\Strzelanki\CS1.6_v32_by_Lukasz"
Tcpip\..\Interfaces\{09C15CB7-8E91-4370-B7D8-F26BDE94D745}: [DhcpNameServer] 185.170.226.34 185.170.226.2
CHR HomePage: Default -> hxxp://www.gazeta.pl/0,0.html?p=190
CHR StartupUrls: Default -> "hxxp://www.gazeta.pl/0,0.html?p=190"
CHR Extension: (d8yI+Hf7rX) - C:\Users\Kondi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagdgogbckdojokbbpbkefgcnhppcjlk [2020-09-13]
CHR Extension: (d8yI+Hf7rX) - C:\Users\Kondi\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\fagdgogbckdojokbbpbkefgcnhppcjlk [2020-09-13]
OPR Extension: (book_helper) - C:\Users\Kondi\AppData\Roaming\Opera Software\Opera Stable\Extensions\fagdgogbckdojokbbpbkefgcnhppcjlk [2020-09-13]
StartMenuInternet: (HKLM) OperaStable - D:\Programy\Opera\Launcher.exe
S2 ajctcliu; C:\Windows\system32\ajctcliu\lffwhqhj.exe [0 0000-00-00] (Odmowa dostępu) <==== UWAGA (Odmowa dostępu)
S2 mssecsvc2.0; C:\WINDOWS\mssecsvc.exe -m security [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2020-09-14 20:51 - 2020-09-14 20:51 - 000989584 _____ (GridinSoft LLC) C:\Users\Kondi\Downloads\install-antimalware-fix.exe
2020-09-14 19:18 - 2020-09-14 19:18 - 000000000 ____D C:\ProgramData\UDFK6JJ0XAW2KJSRLWVSQA508
2020-09-14 19:15 - 2020-09-14 19:15 - 000000000 ____D C:\Users\Kondi\AppData\Roaming\0negkm2whon
2020-09-13 18:45 - 2020-09-13 18:45 - 000000000 ____D C:\Users\Kondi\AppData\Roaming\p0rvuyu4rkn
2020-09-13 18:43 - 2020-09-13 18:44 - 000000000 ____D C:\Users\Kondi\AppData\LocalLow\3098htrhpen8ifg0
2020-09-13 18:43 - 2020-09-13 18:43 - 001081344 _____ C:\Users\Kondi\AppData\LocalLow\exuieaoEiI
2020-09-13 18:43 - 2020-09-13 18:43 - 000000000 ____D C:\Windows\system32\ajctcliu
2020-09-13 18:43 - 2020-09-13 18:43 - 000000000 ____D C:\Users\Kondi\AppData\Roaming\obpnbtjqknu
2020-09-14 21:11 - 2020-06-12 20:32 - 000000008 __RSH C:\Users\Kondi\ntuser.pol
2020-09-14 20:51 - 2020-06-12 20:32 - 000000008 __RSH C:\ProgramData\ntuser.pol
2020-09-10 12:47 - 2020-08-02 19:07 - 000003878 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1445710948
2020-05-05 20:12 - 2020-05-05 20:12 - 000418816 ____H (Microsoft Corporation) C:\ProgramData\svchost.exe
2020-09-14 19:18 - 2020-09-14 19:18 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2018-02-15 20:02 - 2010-11-20 14:18 - 000129024 ___SH () C:\Users\Kondi\AppData\Roaming\acctaue
2018-02-15 20:02 - 2010-11-20 14:18 - 000167424 ___SH () C:\Users\Kondi\AppData\Roaming\iwctaue
2020-09-14 19:25 - 2020-09-14 19:25 - 000000560 _____ () C:\Users\Kondi\AppData\Local\bowsakkdestx.txt
2020-09-13 18:43 C:\Windows\system32\ajctcliu
AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [2466456]
AlternateDataStreams: C:\Users\Kondi\Dane aplikacji:19480092594194a127310869d618ccd6 [394]
AlternateDataStreams: C:\Users\Kondi\AppData\Roaming:19480092594194a127310869d618ccd6 [394]
FirewallRules: [{976BA759-61F0-43DA-8821-3E6A1F969061}] => (Allow) 㩃啜敳獲䭜湯楤䅜灰慄慴剜慯業杮卜敮捴扨污屬湓瑥档慢汬攮數 => Brak pliku
cmd: netsh winsock reset catalog
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
Hosts: