jessica

FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-12-04] <==== UWAGA (Linkuje do pliku *.cfg)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-12-04] <==== UWAGA
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
FirewallRules: [{08E0254E-3078-4008-ABD3-8AEC6797DE1E}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe Brak pliku
FirewallRules: [{5A5BB27D-1437-41FC-B3A4-E33F29CF7672}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe Brak pliku
S3 SUService; "C:\Program Files (x86)\Lenovo\System Update\SUService.exe" [X]
EmptyTemp:

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=dpduiuxvo0kxaikmoikm96&p_w=y2w35
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=dpduiuxvo0kxaikmoikm96&p_w=y2w35
HKU\S-1-5-21-3906235096-238085844-2236722319-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web-pl.com/
HKU\S-1-5-21-3906235096-238085844-2236722319-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-3906235096-238085844-2236722319-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=dpduiuxvo0kxaikmoikm96&p_w=y2w35&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=dpduiuxvo0kxaikmoikm96&p_w=y2w35&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=dpduiuxvo0kxaikmoikm96&p_w=y2w35&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=dpduiuxvo0kxaikmoikm96&p_w=y2w35&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3906235096-238085844-2236722319-1000 -> DefaultScope {22B1715F-FD64-41DE-AC67-27233CD4DB06} URL = hxxp://www.web-pl.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3906235096-238085844-2236722319-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=dpduiuxvo0kxaikmoikm96&p_w=y2w35&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3906235096-238085844-2236722319-1000 -> {22B1715F-FD64-41DE-AC67-27233CD4DB06} URL = hxxp://www.web-pl.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3906235096-238085844-2236722319-1000 -> {8761917A-309A-4c43-B712-37A183700B86} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms}
CHR HomePage: Default -> hxxp://www.web-pl.com/
CHR StartupUrls: Default -> "hxxp://www.web-pl.com/"
CHR DefaultSearchURL: Default -> hxxp://www.web-pl.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Szukaj
Reboot:

HKU\S-1-5-21-955475205-2621069176-4123217926-1001\...\Winlogon: [Shell] explorer.exe,Explorer.exe <==== UWAGA
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
GroupPolicy: Ograniczenia ? <==== UWAGA
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
Task: {03535854-8718-4dc8-a369-dada104efdf0} - Brak ścieżki do pliku
Task: {0c9d0eed-f37e-4093-88ed-6e3c0297eb00} - Brak ścieżki do pliku
Task: {175863e0-7eb8-4c43-ba4e-19a80dc0f62c} - Brak ścieżki do pliku
Task: {19ac116e-d890-4c0c-9a06-cd4ccd3c4242} - Brak ścieżki do pliku
Task: {1bd7cd9a-ca92-475c-b19a-28fc50c2b2d3} - Brak ścieżki do pliku
Task: {238e0869-4b1e-4052-8e34-1d53e0e7398e} - Brak ścieżki do pliku
Task: {2c61474e-f845-413a-8d71-23d6dcd20d59} - Brak ścieżki do pliku
Task: {30b02861-b986-402f-bab3-bcaa35f3cf37} - Brak ścieżki do pliku
Task: {3ad0357c-5943-4bcb-b04d-7b7efcf2636b} - Brak ścieżki do pliku
Task: {400ecef3-b711-4925-843f-d47d314634d9} - Brak ścieżki do pliku
Task: {421e652a-9911-4359-ac35-c6982911cf73} - Brak ścieżki do pliku
Task: {499d197b-41b4-410c-a114-91d6236e75e0} - Brak ścieżki do pliku
Task: {4ebf0628-1b85-4692-846a-c0b9391b3343} - Brak ścieżki do pliku
Task: {50661589-9828-4bca-8e8b-4d318b8c0c7d} - Brak ścieżki do pliku
Task: {5a6d7103-e059-4329-a43f-48126ff7b631} - Brak ścieżki do pliku
Task: {5ca6094e-3527-4542-b35a-3869ba36a8ca} - Brak ścieżki do pliku
Task: {658fb38c-8b59-467f-99e5-6011f15a1a08} - Brak ścieżki do pliku
Task: {66365e98-e0e4-438b-aa89-c87b73bf85dd} - Brak ścieżki do pliku
Task: {695fb407-19d1-4f8f-8a89-8eb4cc8e3d5a} - Brak ścieżki do pliku
Task: {6bb65b06-047e-4b2d-ac87-c220d7e4870e} - Brak ścieżki do pliku
Task: {708edd0a-0489-47e2-b051-9d1503b769e3} - Brak ścieżki do pliku
Task: {783cef67-41be-426b-ac3e-c07055b42a99} - Brak ścieżki do pliku
Task: {7a0d633f-daa4-4dca-a2ed-d8ca7d920ae7} - Brak ścieżki do pliku
Task: {89a108a1-a29f-4855-9248-151d42c810ca} - Brak ścieżki do pliku
Task: {8e6e5998-818c-4ca8-9a44-d1f546b85dd9} - Brak ścieżki do pliku
Task: {928f7b39-ddbe-4b0b-be69-10de6a0b8613} - Brak ścieżki do pliku
Task: {9538dd69-7a69-4c98-aea6-14c103fea9c0} - Brak ścieżki do pliku
Task: {989b7700-22d4-409b-9329-38c8c8b81741} - Brak ścieżki do pliku
Task: {a2353781-4ca5-4120-9709-160902e94fb8} - Brak ścieżki do pliku
Task: {a3a620c1-802e-4139-a6bc-3391cda3a7fc} - Brak ścieżki do pliku
Task: {a5de8a7a-3a87-416a-a70d-0ea62e47ec83} - Brak ścieżki do pliku
Task: {ab0b7cfe-6bb8-4ed5-99a8-95d0863d4c6b} - Brak ścieżki do pliku
Task: {afe5d7f4-0b8b-4963-a4fc-4a55d9c2af1f} - Brak ścieżki do pliku
Task: {bb3d3906-655c-447f-96d1-160b143c59c3} - Brak ścieżki do pliku
Task: {bf089ab9-0845-48e8-9ef5-a0fdb5277455} - Brak ścieżki do pliku
Task: {c71bcd81-e2f8-4629-b034-b595ff169d53} - Brak ścieżki do pliku
Task: {d4b8bf95-474a-47e5-adab-be182f28b81c} - Brak ścieżki do pliku
Task: {d6ce05d5-8a17-43a2-bd01-bda664dc6157} - Brak ścieżki do pliku
Task: {d8b66d5d-0fdd-457c-abcf-0f22255a539c} - Brak ścieżki do pliku
Task: {da7e7a61-d5ce-4e17-aa3e-e1b7db7b5a41} - Brak ścieżki do pliku
Task: {e2f6a1bc-1d5d-49a9-816c-034cbac9d4ec} - Brak ścieżki do pliku
Task: {ef013566-4a44-4701-b2a4-aca80606f7ba} - Brak ścieżki do pliku
Task: {fe2f5608-9c95-4dcc-abaf-a94867d9b3a5} - Brak ścieżki do pliku
BHO: Brak nazwy -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> Brak pliku
BHO: Brak nazwy -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> Brak pliku
Toolbar: HKU\S-1-5-21-955475205-2621069176-4123217926-1001 -> Brak nazwy - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  Brak pliku
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [Brak pliku]
EmptyTemp:

MSCONFIG\Services: ComarchAutomatSynchronizacji => 3
MSCONFIG\Services: ComarchML => 2
HKLM\Software\...\AppCompatFlags\Custom\Comarch ERP Altum HR.exe: [{6713fee8-dd53-48f5-adc5-b5a0498bde48}.sdb] -> Comarch ERP WMPAINT Fix
HKLM\Software\...\AppCompatFlags\Custom\Comarch ERP XL HR.exe: [{6713fee8-dd53-48f5-adc5-b5a0498bde48}.sdb] -> Comarch ERP WMPAINT Fix
HKLM\Software\...\AppCompatFlags\Custom\Comarch OPT!MA.exe: [{6713fee8-dd53-48f5-adc5-b5a0498bde48}.sdb] -> Comarch ERP WMPAINT Fix
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{69197903-09B6-41FA-BA3D-EBB995F63E59}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Comarch ERP Menadżer Kluczy
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1E9AC3A5-BC6B-4445-B4BB-0E0393569325}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Comarch ERP Optima
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6713fee8-dd53-48f5-adc5-b5a0498bde48}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{403DE62D-DCFF-42F5-AABD-46CD530F2F64}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crystal Reports dla Comarch ERP Optima
HKLM\Software\...\AppCompatFlags\InstalledSDB\{6713fee8-dd53-48f5-adc5-b5a0498bde48}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{6713fee8-dd53-48f5-adc5-b5a0498bde48}.sdb [2019-10-22]
Task: {DE8699D2-8A05-42F7-8A85-5162AF47D26A} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\Windows\system32\wermgr.exe [54272 2019-09-10] (Microsoft Corporation) [Brak podpisu cyfrowego] <==== UWAGA
S4 ComarchAutomatSynchronizacji; C:\Program Files\Comarch ERP Optima\ComarchOptimaSerwisOperacjiAutomatycznych.exe [181960 2019-10-22] (Comarch S.A. -> Comarch S.A.)
C:\Program Files\Comarch ERP Optima
S4 ComarchML; C:\Program Files\Comarch\Comarch ERP Menadżer Kluczy\ComarchML.exe [3113672 2019-05-23] (Comarch S.A. -> Comarch S.A.)
C:\Program Files\Comarch\Comarch ERP Menadżer Kluczy
2019-12-03 15:22 - 2019-12-03 15:22 - 000000000 ____D C:\Users\Ewa\AppData\Roaming\Comarch ERP Serwis Zabezpieczen
2019-12-03 15:22 - 2019-12-03 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comarch ERP Menadżer Kluczy
2019-12-03 15:22 - 2019-12-03 15:22 - 000000000 ____D C:\Program Files\Comarch
2019-12-03 15:19 - 2019-12-03 15:19 - 000001009 _____ C:\Users\Public\Desktop\Comarch ERP Optima.lnk
2019-12-03 15:15 - 2019-12-03 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comarch ERP Optima
2019-12-03 15:15 - 2019-12-03 15:19 - 000000000 ____D C:\Program Files\Comarch ERP Optima
2019-12-03 14:29 - 2019-12-03 15:22 - 000000000 ____D C:\Users\Ewa\AppData\Roaming\Comarch OPT!MA
2019-12-03 14:01 - 2019-12-03 14:14 - 893943864 _____ (Comarch SA ) C:\Users\Ewa\Downloads\ComarchERPOptima2020010540sql.exe
C:\ProgramData\{67B7B89F-6EE3-4CBE-9C51-49DEBE1030BE}
C:\ProgramData\{56C69546-29C6-4859-84B8-77415F98C1C2}
C:\ProgramData\{3010269D-6079-4CA4-A2EB-1A8869CCAB00}
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

Comarch ERP Menadżer Kluczy (HKLM\...\{69197903-09B6-41FA-BA3D-EBB995F63E59}) (Version: 2019.1.1.993 - Comarch SA) Hidden
Comarch ERP Optima (HKLM\...\{1E9AC3A5-BC6B-4445-B4BB-0E0393569325}) (Version: 2020.0.1.0540 - Comarch SA) Hidden
Crystal Reports dla Comarch ERP Optima (HKLM\...\{403DE62D-DCFF-42F5-AABD-46CD530F2F64}) (Version: 1.0.0.0 - Comarch SA) Hidden
Task: {073449AD-9785-4737-99CA-0470E405D18F} - System32\Tasks\{42FF8B04-68CE-4525-A48C-4562F4C9D8D1} => C:\Windows\system32\pcalua.exe -a C:\Users\Ewa\Downloads\CAMERA_LiteOn_vista_070518\2ksetup.exe -d C:\Users\Ewa\Downloads\CAMERA_LiteOn_vista_070518
Task: {4C2AB6C6-2061-4A80-9477-0A87B3C4FD08} - System32\Tasks\{63ABCD59-318A-4996-92D0-E9DE8E2EB544} => C:\Windows\system32\pcalua.exe -a C:\Users\Ewa\Downloads\Audio_VISTA_070517\Setup.exe -d C:\Users\Ewa\Downloads\Audio_VISTA_070517
Task: {58776083-615B-47F1-A77D-DD65F9E9DB0A} - System32\Tasks\{7DB8B4C0-42D5-461D-B4DE-B705013146E8} => C:\Windows\system32\pcalua.exe -a C:\Users\Ewa\Downloads\TV_Tuner_LiteOn_VT\TV_Tuner_LiteOn_VT\DRIVER\2KSETUP.EXE -d C:\Users\Ewa\Downloads\TV_Tuner_LiteOn_VT\TV_Tuner_LiteOn_VT -c 2KSETUP.INI <==== UWAGA
Task: {6623E450-7066-4DB5-A42C-99B5C17B31CC} - System32\Tasks\{CB00897D-0177-4876-9D50-15AF653EAA66} => C:\Windows\system32\pcalua.exe -a C:\Users\Ewa\Downloads\Modem_vista_070214\ssetup.exe -d C:\Users\Ewa\Downloads\Modem_vista_070214
Task: {756FFD5A-0BE3-49E6-B74C-02DC5FF617B0} - System32\Tasks\{42ABF1AF-6D7C-4EF2-8225-21FF40E5CE85} => C:\Windows\system32\pcalua.exe -a C:\Users\Ewa\Downloads\TV_Tuner_AverMedia_A306_VISTA_070517\2KSETUP.EXE -d C:\Users\Ewa\Downloads\TV_Tuner_AverMedia_A306_VISTA_070517
HKU\S-1-5-21-1417262396-676442084-2213640677-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2972672 2016-08-29] (Microsoft Corporation) [Brak podpisu cyfrowego] <==== UWAGA
EmptyTemp:

Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=dpduiuxvo0kxaikmoikm96&p_w=y2w35
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=dpduiuxvo0kxaikmoikm96&p_w=y2w35
URLSearchHook: HKU\S-1-5-21-3906235096-238085844-2236722319-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM Inc. -> DeviceVM, Inc.)
URLSearchHook: HKU\S-1-5-21-3906235096-238085844-2236722319-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM Inc. -> DeviceVM, Inc.)
URLSearchHook: HKU\S-1-5-21-3906235096-238085844-2236722319-1001 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM Inc. -> DeviceVM, Inc.)
URLSearchHook: HKU\S-1-5-21-3906235096-238085844-2236722319-1001 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM Inc. -> DeviceVM, Inc.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=dpduiuxvo0kxaikmoikm96&p_w=y2w35&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=dpduiuxvo0kxaikmoikm96&p_w=y2w35&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=dpduiuxvo0kxaikmoikm96&p_w=y2w35&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=dpduiuxvo0kxaikmoikm96&p_w=y2w35&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3906235096-238085844-2236722319-1000 -> {4578CA09-65B3-4872-A869-FDB52BA50D29} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-3906235096-238085844-2236722319-1000 -> {8761917A-309A-4c43-B712-37A183700B86} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Szukaj
S3 TBPanel; Brak ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
EmptyTemp:

HKU\S-1-5-21-91337605-1688675982-3794530512-1001\...\Winlogon: [Shell] %comspec% <==== UWAGA
HKU\S-1-5-21-91337605-1688675982-3794530512-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist ( start /MIN "" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== UWAGA
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2016-04-04] <==== UWAGA (Linkuje do pliku *.cfg)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2017-02-27] <==== UWAGA
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-91337605-1688675982-3794530512-1001\...\Run: [AvastBrowserAutoLaunch_914F65F0DE67311E79669BB1349CFE63] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1850312 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-91337605-1688675982-3794530512-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5263040 2018-01-12] (Disc Soft Ltd -> Disc Soft Ltd)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
SearchScopes: HKU\S-1-5-21-91337605-1688675982-3794530512-1001 -> DefaultScope {15051454-306C-41D9-B47C-520BE8126D51} URL =
SearchScopes: HKU\S-1-5-21-91337605-1688675982-3794530512-1001 -> {15051454-306C-41D9-B47C-520BE8126D51} URL =
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
2019-12-04 12:17 - 2019-12-04 12:17 - 000000002 _____ C:\Users\Patryk\Downloads\tuzpmpsciit.txt
2019-12-04 12:17 - 2019-12-04 12:17 - 000000002 _____ C:\Users\Patryk\Downloads\ctfrynmigzubwv.txt
EmptyTemp:

FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-12-04] <==== UWAGA (Linkuje do pliku *.cfg)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-12-04] <==== UWAGA
Task: {B5E3DB03-E908-49DA-8F2B-A017071685A2} - System32\Tasks\App Explorer => C:\Users\broz1\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7407784 2019-11-21] (SweetLabs Inc. -> SweetLabs, Inc) <==== UWAGA

S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

C:\Users\broz1\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
RemoveDirectory: C:\Users\broz1\AppData\Local\Host App Service
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\SDSDefs\20170407.020\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\SDSDefs\20170407.020\NAVEX15.SYS [X]
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
AV: Norton Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk -> C:\Users\broz1\AppData\Local\Host App Service\Engine\HostAppService.exe (SweetLabs, Inc) ->  /OPEN"4efc125e5bdfe64bf86cc73a85a9d56ebf10231c"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516784 2019-12-03] (Symantec Corporation -> Symantec Corporation)
S3 EraserUtilDrv11910; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11910.sys [154288 2019-12-03] (Symantec Corporation -> Symantec Corporation)
CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
2019-12-04 07:53 - 2017-12-05 21:35 - 000000000 ____D C:\Users\Public\Symantec
2019-12-04 07:53 - 2017-12-05 21:35 - 000000000 ____D C:\ProgramData\NortonInstaller
2019-12-04 07:51 - 2017-12-05 21:21 - 000000000 ____D C:\Users\Default\AppData\Local\Host App Service
2019-12-04 07:51 - 2017-12-05 21:21 - 000000000 ____D C:\Users\Default User\AppData\Local\Host App Service
2019-12-04 03:42 - 2017-12-05 21:35 - 000000000 ____D C:\ProgramData\Norton
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
C:\Users\11111\Desktop\Half-Life 2 - Lost Coast.lnk
C:\Users\11111\Desktop\Half-Life 2.lnk
EmptyTemp:

CreateRestorePoint:
Task: {03087A19-204A-49DE-9658-9A60F26A5204} - System32\Tasks\{A42B2110-2447-4DEC-8AA0-A96696234CAA} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
Task: {0EDBB0DE-F879-4DF5-82F4-DE68A0AB0BE2} - System32\Tasks\{6D57F10C-7C6F-47E9-AA40-25FA5112970E} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
Task: {1110BEC6-03EB-476F-AED1-AB363D9EF47A} - System32\Tasks\{502EDDC4-8358-4606-9FF6-7D8EF3B4A2CB} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
Task: {424CA60A-2587-4BE4-B091-0399A26DBA40} - System32\Tasks\{34883709-96A0-4266-A8B1-36FF487DDA53} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
Task: {7DFF0858-6550-49BD-AC24-B7F7774D9A0F} - System32\Tasks\{DD28E022-F582-4FE4-9201-DAB6427BC1B7} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
Task: {82A03798-CC53-41FD-9DEE-7BC81EC9C476} - System32\Tasks\{5DA41BDA-2967-4AA0-A634-9A16BEB82369} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
Task: {8E5E464B-C465-405C-95D8-2482ADB87EDD} - System32\Tasks\{EED0292C-518C-4293-84E2-EAAED2BB3C80} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
Task: {90443662-86C8-4261-86BA-25CDBFBEA3F8} - System32\Tasks\{D2DDAA20-2561-4625-851C-CFF1BB87F5C3} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
Task: {F2370A0C-928B-4257-9AC5-FB31851337F0} - System32\Tasks\{4800CCAB-66F4-48BD-BAF4-4553B3192C18} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
Task: {F262112D-53AD-43BC-AEBC-D1D1D40B93DC} - System32\Tasks\{F78A2664-E1A9-4B7E-8F72-CFF719347989} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
Task: {FF6554B1-DAA2-4D59-B45E-28835F1548C4} - System32\Tasks\{D74CF746-1014-4D2F-816B-CD2162E30EFD} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
Hewlett-Packard ACLM.NET v1.1.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
RemoveDirectory: C:\Program Files (x86)\HP
2008-12-03 19:05 - 2008-12-03 19:05 - 000089600 _____ (Hewlett-Packard) [Brak podpisu cyfrowego] c:\windows\system32\hpzipm12.dll
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
FF Session Restore: Mozilla\Firefox\Profiles\2tg2krhh.AGACIK-1507937948806 -> [funkcja włączona]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Brak podpisu cyfrowego]
FirewallRules: [{1ECA6CA6-64EE-4EB6-B6D2-C7B40ABDF63D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe Brak pliku
FirewallRules: [{4FBD44F1-5E8E-4FC7-B048-E706F44A54ED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe Brak pliku
FirewallRules: [{C36AA81D-E4B8-46F1-8301-000266FD224D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe Brak pliku
FirewallRules: [{15D41561-5EF6-4012-9FD4-8BBBB3B7ACAF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe Brak pliku
FirewallRules: [{4F80E5D3-83AF-49C6-A2EE-119A41EAB139}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe Brak pliku
FirewallRules: [{04812FE5-F991-435E-8A99-476DC9E3F3F4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe Brak pliku
FirewallRules: [{E74B8CC6-D861-454F-A3EB-F24B69DF6F34}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe Brak pliku
FirewallRules: [{2E3C870A-BE38-415C-83B1-C8ECA72DDBB4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe Brak pliku
FirewallRules: [{E439650D-3080-406C-AAA8-462F2A7F092D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe Brak pliku
FirewallRules: [{9FD00313-2CAB-486B-A0D7-8A8453005FD1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe Brak pliku
FirewallRules: [{C747A8AC-7526-49F6-9C84-99519C8D6EED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe Brak pliku
FirewallRules: [{1B89920F-C2B1-4EC3-B947-4E4F7E230D4C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe Brak pliku
FirewallRules: [{26DC5676-47DC-4C00-B7D8-CDA040E62782}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe Brak pliku
FirewallRules: [{CC15B1AE-A464-4AA2-8F74-3A35B7DFC0BF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe Brak pliku
FirewallRules: [{30581E7D-FC41-4D21-AE4F-EA58B9CD10BC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe Brak pliku
FirewallRules: [{362BFE42-3CB2-4005-9132-0FE44E1A09BE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe Brak pliku
FirewallRules: [{EEF2049E-CA7A-401C-BCFF-C5968470FDA9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe Brak pliku
FirewallRules: [{8CA48239-D58A-47B0-92A7-A6CE2BE01DA9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe Brak pliku
FirewallRules: [{65E9086A-4CA7-4990-A2D7-14857AEF2156}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe Brak pliku
FirewallRules: [{CE53B5D0-1D52-4390-95C5-CD5D4F2F3F20}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe Brak pliku
FirewallRules: [{A2AA7765-0406-4C4A-AD4F-6F81897E0985}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe Brak pliku
FirewallRules: [{573BA59F-E8A0-4B02-B168-84B4BBFB7349}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe Brak pliku
FirewallRules: [TCP Query User{EFE2F92A-15B1-4AB3-8081-CD52F950618C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe Brak pliku
FirewallRules: [UDP Query User{A09DBF85-83BB-40E8-8346-081334AB5DD1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe Brak pliku
FirewallRules: [{03FFAC5F-B2E1-4201-BF7F-44E867998624}] => (Allow) C:\Users\Agata\AppData\Local\Temp\7zS3182\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{B7E426B3-477E-4346-84E9-E84AF9A803EB}] => (Allow) C:\Users\Agata\AppData\Local\Temp\7zS3182\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{BAC1390F-E40B-4ED6-A7CB-5FB3CAB9512F}] => (Allow) C:\Users\Agata\AppData\Local\Temp\7zS32C5\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{608AB2ED-497A-4C62-9065-27D5B5E47E86}] => (Allow) C:\Users\Agata\AppData\Local\Temp\7zS32C5\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{3AD72AC4-E246-4A8D-8B25-6F0FF6F1576F}] => (Allow) C:\Users\Agata\AppData\Local\Temp\7zS3334\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{1717A164-09F6-4974-9288-7BEF6C0AB15F}] => (Allow) C:\Users\Agata\AppData\Local\Temp\7zS3334\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [TCP Query User{DAC41750-B5A4-4C20-94C0-B633A18275DB}C:\program files (x86)\common files\hp scan process machine\imageeng.exe] => (Allow) C:\program files (x86)\common files\hp scan process machine\imageeng.exe Brak pliku
FirewallRules: [UDP Query User{44BEAEB6-155E-43EE-9F35-8AE30ACF97A7}C:\program files (x86)\common files\hp scan process machine\imageeng.exe] => (Allow) C:\program files (x86)\common files\hp scan process machine\imageeng.exe Brak pliku
C:\Users\Agata\AppData\Roaming\Microsoft\Office\Niedawny\spis_midi24.xls.LNK
EmptyTemp: