jessica

START::
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWA
Task: {185ED804-4A21-4308-AC3E-E76E363DA46E} - System32\Tasks\S-1-5-21-185452805-796166148-205060070-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Brak pliku)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Brak pliku)
Task: {E4488EC8-41E1-49BE-B4E0-6CFA9F6DDCC8} - System32\Tasks\{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A} => C:\Program Files\Wizards of the Coast\MTGA\MTGALauncher\Updates\MTGAInstaller_1.0.95.809059.exe -> /i "C:\Users\User1Renamed\AppData\Local\Temp\MTGAinstall\MTGAInstaller.msi" AI_SETUPEXEPATH="C:\Program Files\Wizards of the Coast\MTGA\MTGALauncher\Updates\MTGAInstaller_1.0.95.809059.exe" SETUPEXEDIR="C:\Program Files\Wizards of the Coast\MTGA\MTGALauncher\Updates\" ADDLOCAL=MainFeature,MicrosoftVisualC ALLUSERS="1" PRIMARYFOLDER="APPDIR" ROOTDRIVE="D:\" AI_PREREQFILES="C:\Users\User1Renamed\AppData\Roaming\Wizards of the Coast\MTGA Launcher\prerequisites\Visual C++ Redistributable for Visual Studio 2015-2019\VC_redist.x64_14_29_30135.exe" AI_PREREQDIRS="C:\Users\User1Renamed\AppData\Roaming" AI_MISSING_PREREQS="Visual C++ Redistributable for Visual Studio 2017 x64" AI_SETUPEXEPATH="C:\Program Files\Wizards of the Coast\MTGA\MTGALauncher\Updates\MTGAInstaller_1.0.95.809059.exe" SETUPEXEDIR="C:\Program Files\Wizards of the Coast\MTGA\MTGALauncher\Updates\" AI_INSTALL="1" BIPROCESSTIME="2021-11-11T18:09:14.6034237Z" TARGETLOCKED="TRUE" TARGETDIR="D:\" APPDIR="C:\Program Files\Wizards of the Coast\MTGA\" AI_SETUPEXEPATH_ORIGINAL="C:\Program Files\Wizards of the Coast\MTGA\MTGALauncher\Updates\MTGAInstaller_1.0.95.809059.exe"
Task: {F1409D35-53C3-463E-A4F9-91062595CDEB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
S4 WacHidRouterPro; \SystemRoot\System32\drivers\wachidrouter.sys [X]
S4 wacomrouterfilter; \SystemRoot\System32\drivers\wacomrouterfilter.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
FirewallRules: [{B6E73FA0-93EA-4E64-8EF8-ABFF4C700A2A}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => Brak pliku
FirewallRules: [{489722DA-5E67-4CDE-A964-D8E43F92D7CF}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => Brak pliku
FirewallRules: [{2EF9512D-EE6D-4819-8547-6D8F9CCCBD43}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => Brak pliku
FirewallRules: [{AF47F931-BF40-4266-9038-1D07934E7AA7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => Brak pliku
FirewallRules: [{728A8F2B-3F43-443F-B737-F0FD7D049960}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => Brak pliku
FirewallRules: [{FCBA8B8F-FF36-403D-AADC-F509A1EC9397}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => Brak pliku
FirewallRules: [UDP Query User{3A91D687-00C9-4CF9-9526-99950DAD4A2E}C:\program files (x86)\neverwinter_en\neverwinter\live\crashreporterx64.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\crashreporterx64.exe => Brak pliku
FirewallRules: [TCP Query User{D0E1D03B-570D-4851-8204-291553D8BBF9}C:\program files (x86)\neverwinter_en\neverwinter\live\crashreporterx64.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\crashreporterx64.exe => Brak pliku
FirewallRules: [UDP Query User{F8C0F9B9-9E13-4EA0-B945-11238C9473A8}C:\program files (x86)\neverwinter_en\neverwinter\live\x64\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\x64\gameclient.exe => Brak pliku
FirewallRules: [TCP Query User{D3165214-C8FC-407D-8DE7-3F73F65D56FB}C:\program files (x86)\neverwinter_en\neverwinter\live\x64\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\x64\gameclient.exe => Brak pliku
FirewallRules: [{D7FE6C4F-2B70-4AC2-AA2D-BCA47E9EAD72}] => (Allow) C:\Users\User1Renamed\AppData\Roaming\Zoom\bin\Zoom.exe => Brak pliku
FirewallRules: [{FCA27A2C-1A7E-4887-A225-513FA31DDE29}] => (Allow) C:\Users\User1Renamed\AppData\Roaming\Zoom\bin\airhost.exe => Brak pliku
FirewallRules: [{FDD7F93B-2123-4417-9DC3-33583FD3DCE1}] => (Allow) C:\Users\User1Renamed\AppData\Roaming\Zoom\bin\airhost.exe => Brak pliku
 Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
END::

START::
HKU\S-1-5-21-2333271773-2778659109-3581097331-1001\...\Run: [snpr] => "C:\Program Files (x86)\Snooper\snpr.exe" (Brak pliku)
HKU\S-1-5-21-2333271773-2778659109-3581097331-1001\...\Run: [FTP Synchronizer] => C:\Program Files (x86)\FTP Synchronizer\ProfilePreview.exe (Brak pliku)
HKU\S-1-5-18\...\Run: [FTP Synchronizer] => C:\Program Files (x86)\FTP Synchronizer\ProfilePreview.exe (Brak pliku)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
END::

START::
Task: {0E9B0B5C-9FF3-4A29-8479-0868A68DD87B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (Brak pliku)
Task: {1CC9D281-7BB9-4AC0-BB35-EDC99E328256} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe -crl -hms -pscn 15 (Brak pliku)
Task: {22557AAD-EA6E-4279-A267-1E10B0A16C55} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (Brak pliku)
Task: {2956E29D-A64D-413D-B892-F5AA2AC347BB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (Brak pliku)
Task: {3999671B-80BF-4CDF-A95C-93FD2F0FE480} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (Brak pliku)
Task: {3CBC40D7-5079-4162-B3CF-8BB086B1F88F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (Brak pliku)
Task: {49072A42-
-4821-800D-28DD295D6786} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (Brak pliku)
Task: {4FF356D2-FE47-4920-B00B-3E8B260DCA26} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (Brak pliku)
Task: {528B6446-B6F7-44E3-AA71-6203798B4E57} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (Brak pliku)
Task: {53C82D5D-CAA2-4928-AD01-FD5CA9402E42} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (Brak pliku)
Task: {54C24529-FE0D-45F3-921C-72B199731A29} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (Brak pliku)
Task: {5EB21AB0-16D4-490C-8256-8546F5A2D1BF} - System32\Tasks\Mozilla\Firefox Default Browser Agent 3C817F90BA7FCBE8 => C:\Users\ŁA\AppData\Local\Mozilla Firefox\default-browser-agent.exe do-task "3C817F90BA7FCBE8"
Task: {61B05286-3CEE-4AF3-8234-9A88712693CC} - \Microsoft\Windows\Setup\EOSNotify -> Brak pliku <==== UWAGA
Task: {63882D74-4B0D-4654-86EE-D96AE3948093} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (Brak pliku)
Task: {6563DB5C-54FD-4007-98A3-1F779956369C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (Brak pliku)
Task: {6A73D90C-B17C-4761-8357-1A346F1A3327} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (Brak pliku)
Task: {73076ED9-3F40-4900-8277-5791A6CFF45D} - \Microsoft\Windows\Setup\EOSNotify2 -> Brak pliku <==== UWAGA
Task: {74B79B52-5FD9-4C14-BAB0-205B4C4DD9F9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (Brak pliku)
Task: {79C54A83-890B-4E5E-ADEE-46C03ACB5FA3} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe -Daily (Brak pliku)
Task: {92BE7943-78D8-4C4B-883D-3B2AAF434323} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (Brak pliku)
Task: {B1450FE1-82E8-40F1-8F3F-5749E0F9E20E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (Brak pliku)
Task: {B1450FE1-82E8-40F1-8F3F-5749E0F9E20E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (Brak pliku)
Task: {BA7F3875-7416-4EF5-B045-A03824D3AFA2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (Brak pliku)
Task: {C1913C94-0842-490C-B755-F95332E09ABA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (Brak pliku)
Task: {CE4EEC05-AE50-4266-B124-7496745958B2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (Brak pliku)
Task: {D3872B66-2C4F-4FE2-9D26-4CCF8397A60A} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe -LogonOrUnlock (Brak pliku)
Task: {DA5EBFDD-F0C4-44BB-802B-EC827B4A9BF5} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (Brak pliku)
Task: {DA9D1E83-01AA-4187-BDB9-6D13247DE477} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (Brak pliku)
Task: {FFD0BCF8-7926-4344-A2B0-908C275D350D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (Brak pliku)
Task: {6D1840A0-1E66-46C5-A419-011538B0B531} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [269504 2017-08-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [269504 2017-08-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SearchScopes: HKU\S-1-5-21-3875371602-663208066-373928879-1000 -> DefaultScope {2D9F7ECC-77DD-49F3-AD54-E75534B1BBB4} URL =
SearchScopes: HKU\S-1-5-21-3875371602-663208066-373928879-1000 -> {2D9F7ECC-77DD-49F3-AD54-E75534B1BBB4} URL =
SearchScopes: HKU\S-1-5-21-3875371602-663208066-373928879-1001 -> DefaultScope {2D9F7ECC-77DD-49F3-AD54-E75534B1BBB4} URL =
SearchScopes: HKU\S-1-5-21-3875371602-663208066-373928879-1001 -> {2D9F7ECC-77DD-49F3-AD54-E75534B1BBB4} URL =
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
END::

START::
Task: {4F58706C-3D1B-46D9-AB86-E76F65A0ACEC} - System32\Tasks\Teamviewer-QS-updater-6tyn6p2 => C:\Users\KTR\AppData\Local\TeamViewer\CustomConfigs\6tyn6p2\TeamViewer.exe [49255720 2021-12-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{19316704-28B3-4337-A30E-493949159EE4}] => (Allow) tunmgr.exe => Brak pliku
FirewallRules: [{4FF31F6B-FC00-4B08-BD8F-EC24E6DD02E3}] => (Allow) tunmgr.exe => Brak pliku
FirewallRules: [{BC5BC500-214C-4BB0-9541-6CC401DEB3E5}] => (Allow) mDNSResponder.exe => Brak pliku
FirewallRules: [{0A257710-1CC5-44C1-BE4C-F7007DF57567}] => (Allow) mDNSResponder.exe => Brak pliku
S3 BthAvrcp; system32\DRIVERS\BthAvrcp.sys [X]
S3 CsrBtPort; system32\DRIVERS\CsrBtPort.sys [X]
S3 csrpan; system32\DRIVERS\csrpan.sys [X]
S3 csrserial; system32\DRIVERS\csrserial.sys [X]
S3 csrusb; System32\Drivers\csrusb.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 vpnva; system32\DRIVERS\vpnva-6.sys [X]
S3 WinRing0_1_2_0; \??\D:\Pobrane\Instal\OpeHardMonitor\OpenHardwareMonitor\OpenHardwareMonitorLib.sys [X]
Task: {87BD7AFE-A63C-44E9-822F-040E0396BD68} - System32\Tasks\{FD407C14-6552-4465-AFCB-C043D53897FB} => C:\Windows\system32\pcalua.exe -a E:\Archiwum\T730\Stery\LAN_INTEL_V11.5.10.0_WIN7_CA41534-6772.EXE -d E:\Archiwum\T730\Stery
Task: {DEF83452-1A13-455D-8233-895B20896C0C} - System32\Tasks\{C3F81D82-75B6-42A7-9DA9-8F7A858D555D} => C:\Windows\system32\pcalua.exe -a E:\Archiwum\T730\Stery\SYS-EXTENSION-UTIL_V3.1.1_WIN7_CA41534-6772.EXE -d E:\Archiwum\T730\Stery
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku]
HKLM\...\Run: [] => [X]
GroupPolicy: Ograniczenia ? <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
END::

Error: (02/07/2022 08:06:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

START::
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
RemoveDirectory: C:\Users\jware\Desktop\FRST-OlderVersion
HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
HKLM-x32\...\Run: [C:\WINDOWS\System32\V0770Ext.ax] => C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\System32\V0770Ext.ax (Brak pliku)
HKLM\...\Run: [C:\WINDOWS\system32\V0770Ext.ax] => C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0770Ext.ax (Brak pliku)
Toolbar: HKLM - Brak nazwy - {61E612A7-2382-4570-8D3F-42BC136DDAD7} -  Brak pliku
Toolbar: HKLM-x32 - Brak nazwy - {61E612A7-2382-4570-8D3F-42BC136DDAD7} -  Brak pliku
Toolbar: HKU\S-1-5-21-2404278863-482792713-4167860027-1002 -> Brak nazwy - {B24BA06E-FB7B-4757-95C2-DC01125F750E} -  Brak pliku
FirewallRules: [{BE71277A-BD46-4CD6-B572-4E11AC71BF10}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe => Brak pliku
FirewallRules: [{96C6C702-21F4-4690-8E43-EB827D0AAA56}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe => Brak pliku
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
END::

START::
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.reg\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\UserChoice =>
EmptyTemp:
END::