jessica

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
RemoveDirectory: C:\Users\pawel\Desktop\FRST-OlderVersion
C:\WINDOWS\system32\Tasks\AVAST Software
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

S3 HWiNFO_150; \??\C:\Users\ARTUR\AppData\Local\Temp\HWiNFO64A_150.SYS [X] <==== UWAGA
C:\ProgramData\DisplaySessionContainer*.log_backup1
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
FirewallRules: [{C4E707A4-5315-47A5-A0A0-85BE663BAC53}] => (Allow) C:\Users\ARTUR\AppData\Local\Programs\Opera\68.0.3618.125\opera.exe => Brak pliku
FirewallRules: [{B73D3B82-5F3B-4D1B-ADF8-F37CA5372E48}] => (Allow) C:\Users\ARTUR\AppData\Local\Programs\Opera\68.0.3618.125_2\opera.exe => Brak pliku
FirewallRules: [TCP Query User{C138084C-6DB9-4F14-8994-373C096B20A1}C:\users\ar2r\appdata\local\programs\opera\68.0.3618.125\opera.exe] => (Allow) C:\users\ar2r\appdata\local\programs\opera\68.0.3618.125\opera.exe => Brak pliku
FirewallRules: [UDP Query User{4FF0D254-1161-4B4A-B614-A65857609139}C:\users\ar2r\appdata\local\programs\opera\68.0.3618.125\opera.exe] => (Allow) C:\users\ar2r\appdata\local\programs\opera\68.0.3618.125\opera.exe => Brak pliku
FirewallRules: [{9011750A-F110-4AF2-8A96-44210C49F5A2}] => (Block) C:\users\ar2r\appdata\local\programs\opera\68.0.3618.125\opera.exe => Brak pliku
FirewallRules: [{A3AF35D3-7B53-4A62-9D1C-778A5FBB8183}] => (Block) C:\users\ar2r\appdata\local\programs\opera\68.0.3618.125\opera.exe => Brak pliku
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Live Update.Lnk
EmptyTemp:

HKU\S-1-5-21-1089871727-2613707379-2673470617-1001\...\Command Processor: @mode 15,1 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\Kalinow\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\Kalinow\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
RemoveDirectory: C:\Users\Kalinow\AppData\Roaming\Microsoft\SoundMixer
2015-11-27 11:26 - 2016-02-28 13:29 - 000000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
S2 browserServer_2015.11.03.12.05.41; C:\Program Files (x86)\ghokswa Browser\ghokswa\bin\browserServer.exe [X]
S2 MapcarP; "C:\ProgramData\Mapcar\Mapcar.exe" [X]
S2 MapcarU; "C:\Program Files (x86)\Mapcar\Update\MapcarUpdate.exe" [X]
RemoveDirectory: C:\Program Files (x86)\ghokswa Browser
RemoveDirectory: C:\Users\Kalinow\Downloads\FRST-OlderVersion
2009-07-14 03:14 - 2009-07-14 03:14 - 000073216 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\CYPqYinCiOOOK.exe
2015-05-19 22:01 - 2015-08-01 23:05 - 000000024 _____ () C:\Users\Kalinow\AppData\Roaming\appdataFr25.bin
2017-01-12 14:25 - 2017-01-30 20:38 - 000000052 _____ () C:\Users\Kalinow\AppData\Roaming\die.bat
2018-08-16 14:05 - 2018-08-16 14:05 - 000000002 _____ () C:\Users\Kalinow\AppData\Local\imw.ini
FirewallRules: [TCP Query User{509F2D6A-056E-4604-9275-8D1ABCB712DE}C:\gry\gry zainstalowane\far cry 4\bin\farcry4.exe] => (Allow) C:\gry\gry zainstalowane\far cry 4\bin\farcry4.exe => No File
FirewallRules: [UDP Query User{A57A9F60-666B-4431-98D5-C0C3415F1908}C:\gry\gry zainstalowane\far cry 4\bin\farcry4.exe] => (Allow) C:\gry\gry zainstalowane\far cry 4\bin\farcry4.exe => No File
FirewallRules: [TCP Query User{EB862353-7719-46FF-9E6B-C143714F980D}C:\gry\far cry® 4\bin\farcry4.exe] => (Allow) C:\gry\far cry® 4\bin\farcry4.exe => No File
FirewallRules: [UDP Query User{F57F9EF3-C68C-4BE9-8A27-C92A4C81A966}C:\gry\far cry® 4\bin\farcry4.exe] => (Allow) C:\gry\far cry® 4\bin\farcry4.exe => No File
FirewallRules: [{A57492F0-08C9-4B11-AB74-6E06F39B2E77}] => (Allow) C:\Program Files (x86)\Rockstar Games\EFLC\LaunchEFLC.exe => No File
FirewallRules: [{872E24DB-E6CB-4E52-BF57-3D52F105144C}] => (Allow) C:\Program Files (x86)\Rockstar Games\EFLC\LaunchEFLC.exe => No File
FirewallRules: [{67DDCEFB-DAB7-4BDD-934E-2F6BCEE5CDBD}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe => No File
FirewallRules: [{91ACF903-C509-4A81-9DF7-69CB75B87701}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe => No File
FirewallRules: [{E75E50D9-A848-412A-8D5C-4B7D7F2285D2}] => (Allow) C:\GRY\Hearthstone\Hearthstone.exe => No File
FirewallRules: [{5849B3C3-31D7-468F-8988-29749E3CC1B2}] => (Allow) C:\GRY\Hearthstone\Hearthstone.exe => No File
FirewallRules: [{62F0E20C-263B-45BC-A2BD-DAF9FC0BB70E}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\Run_CSGO.exe => No File
FirewallRules: [{EE9D93D4-C9D2-475A-8402-48FB1830EB25}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\revLoader.exe => No File
FirewallRules: [{FF63D424-90A5-4875-8FD0-82CC60D6724D}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{E8475F6E-9A2F-4FAD-BB80-1FAA74EFC053}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\Run_CSGO.exe => No File
FirewallRules: [{7488DF7A-B8E2-442F-BBCB-AD6A263BC06D}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\revLoader.exe => No File
FirewallRules: [{6ED89F59-B548-4631-8C06-06C5CFC939B3}] => (Allow) C:\Program Files (x86)\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{6AC47637-4869-4020-BF25-248FDA3A34F8}] => (Allow) C:\Program Files (x86)\Call of Duty Modern Warfare 3\iw5sp.exe => No File
FirewallRules: [{B6E110B1-84A4-4FC1-AE75-0D42C2F43E9D}] => (Allow) C:\Program Files (x86)\Call of Duty Modern Warfare 3\iw5sp.exe => No File
FirewallRules: [{C9D5A327-2075-407B-B465-88EC9EDABF68}] => (Allow) C:\Program Files (x86)\worldofwarship\WoWSLauncher.exe => No File
FirewallRules: [{0CA66325-2F43-4E59-8470-3F5E139160ED}] => (Allow) C:\Program Files (x86)\worldofwarship\WoWSLauncher.exe => No File
FirewallRules: [{1959C1B5-200F-4526-83B0-55A2CF4DA276}] => (Allow) C:\Program Files (x86)\worldofwarship\worldofwarships.exe => No File
FirewallRules: [{1B59A22D-283D-4DB2-8AA4-3A62D8D6DF27}] => (Allow) C:\Program Files (x86)\worldofwarship\worldofwarships.exe => No File
FirewallRules: [{7966BCED-5155-485E-8892-616AB8284A3A}] => (Allow) C:\Program Files (x86)\world of tanks\WoTLauncher.exe => No File
FirewallRules: [{70EB8B8E-A83D-4C5D-A3BE-9A5549317D78}] => (Allow) C:\Program Files (x86)\world of tanks\WoTLauncher.exe => No File
FirewallRules: [{8CF9673C-1400-48E4-8945-FFDB976DB526}] => (Allow) C:\Program Files (x86)\world of tanks\worldoftanks.exe => No File
FirewallRules: [{973A76BF-F107-4F28-851C-0FE5FE2A3480}] => (Allow) C:\Program Files (x86)\world of tanks\worldoftanks.exe => No File
FirewallRules: [{9105D077-A3E8-4177-A4CE-81532E66BA50}] => (Allow) C:\ProgramData\Google\update\GoogleUpdate.exe => No File
FirewallRules: [{E9742291-12A4-4FD3-AE63-36F5158A5172}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe => No File
FirewallRules: [{C5A1E7E8-BD13-4469-BEE1-8E2FF1C66D66}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe => No File
FirewallRules: [{B3EF5FBB-837F-491F-96D7-4166A262B330}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe => No File
FirewallRules: [{8534B21C-EDC8-4BEC-90F4-12E033081226}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe => No File
FirewallRules: [TCP Query User{CDE3AEA9-8B64-4BE2-8AAA-4F49CF278C99}C:\programy\steam\steamapps\common\newz\thenewz.exe] => (Allow) C:\programy\steam\steamapps\common\newz\thenewz.exe => No File
FirewallRules: [UDP Query User{11BC954C-C2F6-4988-835E-99A7700B000C}C:\programy\steam\steamapps\common\newz\thenewz.exe] => (Allow) C:\programy\steam\steamapps\common\newz\thenewz.exe => No File
FirewallRules: [{9BA87A03-5D9E-4A9B-8894-EE6F60F3BF77}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1709.2513\gxxsvc.exe => No File
FirewallRules: [{8C089F30-A886-4F1B-BC4F-B5DE60B487C0}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1711.2118\gxxsvc.exe => No File
FirewallRules: [{88AA3294-6B29-4494-AC35-0B2339309CBC}] => (Allow) C:\Program Files (x86)\Fifa Online 3\32793\fifazf.exe => No File
FirewallRules: [{1A391657-5178-4C00-A0E6-AE7312D876D5}] => (Allow) C:\Program Files (x86)\Fifa Online 3\32793\fifazf.exe => No File
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1089871727-2613707379-2673470617-1001\...\Winlogon: [Shell] C:\Windows\Explorer.exe [3231232 2016-04-09] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {147B9DF3-8F35-436B-AEDA-967386195AAE} - \{BF47A92B-74F2-D0A0-5B68-03A49340035B} -> No File <==== ATTENTION
Task: {2CC3A717-0D2E-491D-8A72-D089214FBF7B} - System32\Tasks\{163EB802-9352-48F0-BC88-57158CC0A978} => C:\Windows\system32\pcalua.exe -a E:\Install.exe -d E:\
Task: {4178062C-B0C3-475D-974B-E7ED6F7FB5D9} - \{DCFA04BD-7185-473B-8F36-97B94A343619} -> No File <==== ATTENTION
Task: {94046E01-3A09-49FB-AAC2-76016B31C5EB} - \LuckyBrowse -> No File <==== ATTENTION
Task: {B51904D5-6A8A-461B-AB14-65FA7E0D12C6} - \{06AAEFFA-FC6F-A5AC-57C2-3DA9E0D2DC39} -> No File <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.key-find.com/web/?type=dspp&ts=1423688905&from=cor&uid=HitachiXHDT721010SLA360_STF607MS032JHK032JHKX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450263622&from=mych123&uid=hitachixhdt721010sla360_stf607ms032jhk032jhkx&z=7109365c2671bba66a5ec10gaz8w6efo0q4c9q2o5c
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.key-find.com/web/?type=dspp&ts=1423688905&from=cor&uid=HitachiXHDT721010SLA360_STF607MS032JHK032JHKX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450263622&from=mych123&uid=hitachixhdt721010sla360_stf607ms032jhk032jhkx&z=7109365c2671bba66a5ec10gaz8w6efo0q4c9q2o5c
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131248158105437600&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450263622&from=mych123&uid=hitachixhdt721010sla360_stf607ms032jhk032jhkx&z=7109365c2671bba66a5ec10gaz8w6efo0q4c9q2o5c
HKU\S-1-5-21-1089871727-2613707379-2673470617-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1089871727-2613707379-2673470617-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKLM -> OldSearch URL = hxxp://www.key-find.com/web/?type=dspp&ts=1423688905&from=cor&uid=HitachiXHDT721010SLA360_STF607MS032JHK032JHKX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVoPBw5GEwAXbVtbBQlcFVcReBQBBV8QDARCJQ0PBF9HGFETcB9aFQQTSEcFME0FCFwEURNNfWlXElAFSENGBlBWBUo=&q={searchTerms}
SearchScopes: HKLM -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.key-find.com/web/?type=dspp&ts=1423688905&from=cor&uid=HitachiXHDT721010SLA360_STF607MS032JHK032JHKX&q={searchTerms}
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450263622&from=zzgbkk123&uid=hitachixhdt721010sla360_stf607ms032jhk032jhkx&z=7109365c2671bba66a5ec10gaz8w6efo0q4c9q2o5c&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1089871727-2613707379-2673470617-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1089871727-2613707379-2673470617-1001 -> OldSearch URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1089871727-2613707379-2673470617-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1089871727-2613707379-2673470617-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVoPBw5GEwAXbVtbBQlcFVcReBQBBV8QDARCJQ0PBF9HGFETcB9aFQQTSEcFME0FCFwEURNNfWlXElAFSENGBlBWBUo=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1089871727-2613707379-2673470617-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVoPBw5GEwAXbVtbBQlcFVcReBQBBV8QDARCJQ0PBF9HGFETcB9aFQQTSEcFME0FCFwEURNNfWlXElAFSENGBlBWBUo=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1089871727-2613707379-2673470617-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450263622&from=zzgbkk123&uid=hitachixhdt721010sla360_stf607ms032jhk032jhkx&z=7109365c2671bba66a5ec10gaz8w6efo0q4c9q2o5c&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1089871727-2613707379-2673470617-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1089871727-2613707379-2673470617-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Expressivo -> {85F685C3-20D9-4943-95E4-EB4224056C3F} -> C:\Program Files (x86)\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer_x64.dll => No File
BHO-x32: Expressivo -> {85F685C3-20D9-4943-95E4-EB4224056C3F} -> C:\Program Files (x86)\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll => No File
Toolbar: HKLM - Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files (x86)\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer_x64.dll No File
Toolbar: HKLM-x32 - Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files (x86)\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll No File
StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=1456513507&z=864d3c9036b5bf85157f4ebg0z5w6q4w3geccw2e6m&from=face&uid=HitachiXHDT721010SLA360_STF607MS032JHK032JHKX
FF NetworkProxy: Comodo\IceDragon\Profiles\kww6x2m2.default -> autoconfig_url", "data:text/javascript,%2F*windscribe*%2Ffunction%20FindProxyForURL(url%2C%20host)%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20if%20(isPlainHostName(host)%20%7C%7C%20%20shExpMatch(host%2C%20%22*.local%22)%20%7C%7C%20shExpMatch(host%2C%20%22*.int%22)%20%7C%7C%20shExpMatch(url%2C%20%22*%3A%2F%2Fapi.windscribe.com%2F*%22))%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20return%20%22DIRECT%22%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20var%20lanIps%20%3D%20%2F(%5E127.)%7C(%5E192.168.)%7C(%5E10.)%7C(%5E172.1%5B6-9%5D.)%7C(%5E172.2%5B0-9%5D.)%7C(%5E172.3%5B0-1%5D.)%2F%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20if(lanIps.test(host))%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20return%20%22DIRECT%22%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20if%20(url.substring(0%2C%205)%20%3D%3D%20'http%3A'%20%7C%7C%20url.substring(0%2C%206)%20%3D%3D%20'https%3A'%20%7C%7C%20url.substring(0%2C%204)%20%3D%3D%20'ftp%3A'%20%7C%7C%20url.substring(0%2C%203)%20%3D%3D%20'ws%3A')%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20return%20%22HTTPS%20ext-start.windscribe.com%22%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20return%20'DIRECT'%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D"
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X] <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

HKU\S-1-5-21-910847060-2977998255-1486674742-1001\...\Run: [AdobeBridge] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartmontools Home Page.lnk
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

HKU\S-1-5-21-1752452294-2247239551-2128934604-1001\...\Winlogon: [Shell] %comspec% <==== UWAGA
HKU\S-1-5-21-1752452294-2247239551-2128934604-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\Misiek\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\Misiek\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== UWAGA
RemoveDirectory: C:\Users\Misiek\AppData\Roaming\Microsoft\SoundMixer
HKU\S-1-5-21-1752452294-2247239551-2128934604-1001\...\Run: [SysHelper] => "C:\Users\Misiek\AppData\Local\23dcbc28-3f5b-4cb0-817b-f26156f8018d\syozamitmiteyle.exe" --AutoStart <==== UWAGA
RemoveDirectory: C:\Users\Misiek\AppData\Local\23dcbc28-3f5b-4cb0-817b-f26156f8018d
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
S1 agxexgys; \??\C:\Windows\system32\drivers\agxexgys.sys [X]
S3 NTIOLib_CC_COMM; \??\D:\DragonCenter\Lib\SYS\NTIOLib_X64.sys [X]
S3 NTIOLib_CC_CPU; \??\D:\DragonCenter\Lib\Super_Charger\NTIOLib_X64.sys [X]
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

VirusTotal: C:\Users\Maciej\AppData\Roaming\systray\systrayamd64.dll
Task: {2761B2B9-FC90-4366-B791-4384E85CC8A0} - System32\Tasks\GOOGLEUPDATETASKMACHINEUAC => C:\Users\Maciej\AppData\Roaming\d_temp\service.exe [1084928 2020-06-26] () [Brak podpisu cyfrowego] <==== UWAGA
C:\Users\Maciej\AppData\Roaming\d_temp
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
C:\WINDOWS\Minidump\*.dmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk
EmptyTemp:

FirewallRules: [{00A83A8D-D16A-46D8-BCA9-3F7E40FB88DD}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Brak pliku
FirewallRules: [{F3751174-2C6B-4BBF-A4B3-E4A7DE19AEA8}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Brak pliku
FirewallRules: [{0A89515C-D4ED-457C-96DA-9F1BA4D6DD34}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Brak pliku
FirewallRules: [{7F8261F2-8A6B-4391-9B0F-E368FA77EC18}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Brak pliku
FirewallRules: [{DF5DFC4C-6787-49BD-B5BF-87F8A1C8E837}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Brak pliku
FirewallRules: [{E36F740E-F65F-4293-AC0B-73F910C90782}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Brak pliku
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Co nowego w ostatniej wersji.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Podręcznik RARa dla konsoli.lnk
EmptyTemp:

Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
HKU\S-1-5-21-601389225-2260710370-3730533231-1001\...\Run: [Google Update] => C:\Users\Szymczak\AppData\Local\Google\Update\1.3.35.452\GoogleUpdateCore.exe [217544 2020-03-20] (Google LLC -> Google LLC)
HKU\S-1-5-21-601389225-2260710370-3730533231-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5263040 2018-01-30] (Disc Soft Ltd -> Disc Soft Ltd)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA

EmptyTemp:

RemoveDirectory: C:\Program Files (x86)\zalapa
RemoveDirectory: C:\Users\super\AppData\Roaming\ki2c2ltea34
RemoveDirectory: C:\Program Files (x86)\Jfiz
RemoveDirectory: C:\ProgramData\Newf
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

C:\Users\Jola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JajuwaServer.exe
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

S0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [37208 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [205952 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [235656 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [195720 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [61064 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [42840 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [175264 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [514520 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [109336 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [84912 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [851664 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [466304 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [216880 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [323344 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)