CloseProcesses: CreateRestorePoint: EmptyTemp: HKU\S-1-5-21-2830509316-4061959040-275529259-1001\...\Run: [Rainlendar2] => D:\Program Files\Rainlendar2\Rainlendar2.exe HKU\S-1-5-21-2830509316-4061959040-275529259-1001\...\Run: [RAMKontroler] => C:\Program Files (x86)\XimSoft\RAM Kontroler\RamKontroler.exe HKU\S-1-5-21-2830509316-4061959040-275529259-1001\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe Tcpip\..\Interfaces\{8e43ee1d-19fb-4e7c-ae7a-60ccee768a53}: [DhcpNameServer] 192.168.8.1 BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll => Brak pliku BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll => Brak pliku Edge HKU\S-1-5-21-2830509316-4061959040-275529259-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx FF HKU\S-1-5-21-2830509316-4061959040-275529259-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\piotr\AppData\Roaming\IDM\idmmzcc5 => nie znaleziono FF HKU\S-1-5-21-2830509316-4061959040-275529259-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => nie znaleziono CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-10-28] (Zemana Ltd. -> Zemana Ltd.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ZAM.exe" /service => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ZAM.exe" /service => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zam64.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zamguard64.sys => ""="Driver" FirewallRules: [{944CC85C-0769-4F1D-8C1F-B7AA8E8969FD}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{7DEE16D5-8477-4823-BD4D-39200DD18B01}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{AF864C2D-F49B-41D1-87D2-71A05ED122A4}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{C349CAB8-6BA6-466E-8140-0A37BDB38205}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{E5D10CAD-201D-4A90-9BB1-0CB9913CE867}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{BB7E5391-5371-4256-AE25-DA5328993F87}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{35CC8EF4-A8C0-40E7-98FA-CE8A5C998954}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{FBC9566D-AA89-43A4-A3FC-F068355B97C5}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{F4645740-56F8-49E3-AF7E-9FD50CECA5C6}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{5C07111B-B4FE-4EC0-A6AA-76051E66A60C}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{C0D7D8D5-DB81-42E7-A388-9579800FC78E}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{8952C2AC-18F5-4A62-898D-CE7553BA22ED}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{9F1F8508-78DD-4303-AEC4-8E7F06FFFBEB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{E85E93FC-FA01-4F86-851C-23DE6201B450}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{B632E50F-50B6-4B94-98EF-E933ED83C8BF}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{C5491003-8F15-4C75-925F-6F8DA6E7C5B9}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{AD93177B-A931-493A-916D-807CB8DB6735}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) reg: REG add "HKLM\SYSTEM\CurrentControlSet\services\MpsSvc" /v Start /t REG_DWORD /d 2 /f reg: REG add "HKLM\SYSTEM\CurrentControlSet\services\MpsSvc" /v DelayedAutostart /t REG_DWORD /d 1 /f cmd: net start MpsSvc