Task: {1AD0E5BD-C153-4F84-B22C-030F1E7DD757} - System32\Tasks\{091438A5-DCE2-49B5-9464-9E15CCF7DAFD} => C:\Windows\system32\pcalua.exe -a C:\Users\Dorcia\AppData\Local\Temp\scoped_dir6916_13342\irfanview_lang_polski.exe -d C:\Users\Dorcia\AppData\Local\Temp\scoped_dir6916_13342 <==== UWAGA
Task: {3A3BD7D2-ADD4-4E60-8A58-57DBA6462881} - System32\Tasks\{619E5CD8-9F09-409A-ADD9-ECF5E1D4C699} => C:\Windows\system32\pcalua.exe -a C:\AMD\Support\13-4_mobility_vista_win7_win8_32_dd_ccc_whql\Setup.exe -d C:\AMD\Support\13-4_mobility_vista_win7_win8_32_dd_ccc_whql
Task: {5DC4EB51-2F24-4B53-8A55-55CB2E809E63} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {79D7F3C0-5F5C-48B4-AEBB-70FD905DBC96} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {FEB37BAD-B65A-4E45-A086-0E5E28DCF5CC} - System32\Tasks\{CFAD9BD8-B635-4D79-A036-0D8295A75763} => C:\Windows\system32\pcalua.exe -a E:\_____SUPPORTED_ORIG_delldriverS\Video_ATI_W7_A10_Setup-G22HG_ZPE.exe -d E:\_____SUPPORTED_ORIG_delldriverS
FF Session Restore: Mozilla\Firefox\Profiles\6sovya1r.default-1527956543972 -> [funkcja włączona]
CHR StartupUrls: Default -> "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=PL&userid=152c9255-b7fc-4115-b898-dc43296d0b45&affid=111583&searchtype=hp&babsrc=lnkry","hxxps://www.google.com/"
CHR Session Restore: Default -> [funkcja włączona]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
OPR Session Restore: Opera Stable -> [funkcja włączona]
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
C:\Users\dompa\Downloads\FRST-OlderVersion
HKU\S-1-5-21-3133839560-3129128905-3125803066-1001\Software\Classes\.scr: AutoCADScriptFile => C:\windows\system32\notepad.exe "%1"
SearchScopes: HKLM -> {5940DE61-B85F-491B-A68A-830A62B605BE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {5940DE61-B85F-491B-A68A-830A62B605BE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3133839560-3129128905-3125803066-1001 -> {5940DE61-B85F-491B-A68A-830A62B605BE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms}
FirewallRules: [TCP Query User{75D81580-9FE1-4B73-BAC5-48BAA9F917BF}C:\games\battlefield - hardline\bfh.exe] => (Allow) C:\games\battlefield - hardline\bfh.exe => Brak pliku
FirewallRules: [UDP Query User{DEEBCBC8-6A37-447E-8A11-9A7DF3B2976E}C:\games\battlefield - hardline\bfh.exe] => (Allow) C:\games\battlefield - hardline\bfh.exe => Brak pliku
FirewallRules: [TCP Query User{63C23312-E9AF-46E5-A12C-60EB179616C7}C:\games\far cry 4\bin\farcry4.exe] => (Allow) C:\games\far cry 4\bin\farcry4.exe => Brak pliku
FirewallRules: [UDP Query User{A8EA70A1-3B14-4855-B8E2-5FC79F74476F}C:\games\far cry 4\bin\farcry4.exe] => (Allow) C:\games\far cry 4\bin\farcry4.exe => Brak pliku
FirewallRules: [{819DF5D1-33A3-469B-9D3C-4F3D9AC5455B}] => (Allow) C:\Users\dompa\AppData\Roaming\Zoom\bin\airhost.exe => Brak pliku
FirewallRules: [{0F33B376-AA4E-44BE-8F4A-488E5AB138CF}] => (Allow) C:\Users\dompa\AppData\Roaming\Zoom\bin\airhost.exe => Brak pliku
FirewallRules: [{64006628-ED7C-4157-82D7-8A4E3DDA2D05}] => (Allow) C:\Users\dompa\AppData\Local\Temp\7zS58F7\HP.EasyStart.exe => Brak pliku
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3133839560-3129128905-3125803066-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3133839560-3129128905-3125803066-1001\...\Run: [Shortcutor] => "C:\Program Files\Coode Software\Shortcutor\Shortcutor.exe" (Brak pliku)
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
EmptyTemp:

HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-582382116-2524087355-1443837786-1004\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4685120 2020-11-12] (Microsoft Windows -> Microsoft Corporation) <==== UWAGA
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
Startup: C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\erreur.exe [2017-07-06] () <==== UWAGA [zerobajtowy plik/folder]
GroupPolicy: Ograniczenia ? <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
Task: {3BC78540-B959-4363-BD7C-C6838594734F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe (Brak pliku)
Task: {A8AAC26F-7992-4411-8C04-E2884D695EFA} - System32\Tasks\RegBak => C:\Program Files\Acelogix\RegBak\Uruchamianie\NirCmd.bat [76 2017-07-15] () [Brak podpisu cyfrowego] <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA
Edge Session Restore: HKU\S-1-5-21-582382116-2524087355-1443837786-1004 -> [funkcja włączona]
Edge Session Restore: Default -> [funkcja włączona]
FF Extension: (Session Manager) - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\k43ym6cr.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-07-19] [Przestarzałe]
CHR Session Restore: Default -> [funkcja włączona]
S2 DellClientManagementService; "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe" [X]
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]
S3 cpuz148; \??\C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [X]
Toolbar: HKU\S-1-5-21-582382116-2524087355-1443837786-1004 -> Brak nazwy - {405DFEAE-1D2F-4649-BE08-C92313C3E1CE} -  Brak pliku
HKU\S-1-5-21-582382116-2524087355-1443837786-1004\...\StartupApproved\StartupFolder: => "erreur.exe"
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-881930461-47489624-1918205951-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File1"=-

HKU\S-1-5-21-309175177-1749008106-2885720676-1001\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Brak pliku)
Task: {146A3C9F-9232-453A-A28F-CCB023C8150A} - \Hewlett-Packard\HP Support Assistant\First Boot -> Brak pliku <==== UWAGA
Task: {317107BF-13F6-48B4-AA5A-BA0B03A02F4B} - \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate -> Brak pliku <==== UWAGA
Task: {48A98229-5C8E-4DDD-8139-CF35F7262A95} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup -> Brak pliku <==== UWAGA
Task: {5587F1DC-15D0-4331-A673-6EF75E5CD9C0} - \Microsoft\Windows\AppID\SmartScreenSpecific -> Brak pliku <==== UWAGA
Task: {71E53243-3A2D-47EE-9DAB-6D71B2366657} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate -> Brak pliku <==== UWAGA
Task: {788F994E-B971-4A57-AD2B-EBA037D0B9A5} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> Brak pliku <==== UWAGA
Task: {7C655CC6-19CB-4430-BBD8-D29999902511} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> Brak pliku <==== UWAGA
Task: {967CAA16-6069-4738-9DB7-7EB5AF7B1110} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> Brak pliku <==== UWAGA
Task: {A0352518-D527-464A-AB8B-160E931AFCC8} - \Microsoft\Windows\UpdateOrchestrator\Maintenance Install -> Brak pliku <==== UWAGA
Task: {A741BC1C-B4B6-436D-AC57-3F90C345BD80} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> Brak pliku <==== UWAGA
Task: {C349BB67-3672-4975-AE02-517BAD9318EE} - \Microsoft\Windows\WindowsUpdate\sih -> Brak pliku <==== UWAGA
Task: {F9D959A4-481B-4091-A9F9-53F57E485CED} - \Avast SecureLine -> Brak pliku <==== UWAGA
FF Session Restore: Mozilla\Firefox\Profiles\sgqgvlxu.default-release -> [funkcja włączona]
C:\WINDOWS\Minidump\*.dmp
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

StartRegedit:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Intel\IGFX\OCL\cl_cache_dir]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Topaz Labs LLC]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Topaz Labs LLC\Topaz Gigapixel AI]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Topaz Labs LLC\Topaz Gigapixel AI]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-868864574-754023539-434053955-1003]

[HKEY_USERS\S-1-5-21-868864574-754023539-434053955-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"=-

[HKEY_USERS\S-1-5-21-868864574-754023539-434053955-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"C:\Users\moons\Downloads\TopazGigapixelAI-Online-Installer.exe"=-

[HKEY_USERS\S-1-5-21-868864574-754023539-434053955-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"{6D809377-6AF0-444B-8957-A3773F02200E}\Topaz Labs LLC\Topaz Gigapixel AI\Topaz Gigapixel AI.exe"=-

[HKEY_USERS\S-1-5-21-868864574-754023539-434053955-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView]
"{6D809377-6AF0-444B-8957-A3773F02200E}\Topaz Labs LLC\Topaz Gigapixel AI\Topaz Gigapixel AI.exe"=-

[HKEY_USERS\S-1-5-21-868864574-754023539-434053955-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList]
"i"-

[HKEY_USERS\S-1-5-21-868864574-754023539-434053955-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\Topaz Labs LLC\Topaz Gigapixel AI\Topaz Gigapixel AI.exe"=-

[HKEY_USERS\S-1-5-21-868864574-754023539-434053955-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\Topaz Labs LLC\Topaz Gigapixel AI\installplugins.exe"=-

[-HKEY_USERS\S-1-5-21-868864574-754023539-434053955-1003\SOFTWARE\Topaz Labs LLC]

[-HKEY_USERS\S-1-5-21-868864574-754023539-434053955-1003\SOFTWARE\Topaz Labs LLC\Topaz Gigapixel AI]

[-HKEY_USERS\S-1-5-21-868864574-754023539-434053955-1003\SOFTWARE\Topaz Labs LLC\Topaz Gigapixel AI\appMain]

[HKEY_USERS\S-1-5-21-868864574-754023539-434053955-1003\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Topaz Labs LLC\Topaz Gigapixel AI\Topaz Gigapixel AI.exe.FriendlyAppName"=-

EndRegedit:

RemoveDirectory: C:\Program Files\Topaz Labs LLC
RemoveDirectory: C:\Users\moons\AppData\Roaming\Topaz Labs LLC
RemoveDirectory: C:/ProgramData/Topaz Labs LLC

Reboot:

C:\Users\Public\Desktop\Topaz Gigapixel AI.lnk
RemoveDirectory: C:\ProgramData\Topaz Labs LLC
RemoveDirectory: C:\Users\moons\AppData\Local\Topaz Labs LLC
RemoveDirectory: C:\Program Files\Topaz Labs LLC
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

S2 kpm_launch_service; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe" [X]
S3 semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [X]
RemoveDirectory: C:\Users\Mateusz\Downloads\FRST-OlderVersion
FirewallRules: [{2A5736C8-E52B-409A-8AF2-CB899986C714}] => (Allow) C:\Program Files\MiniTool ShadowMaker\AgentService.exe => Brak pliku
FirewallRules: [{EFD80113-3D52-4682-B014-14B405F227FB}] => (Allow) C:\Program Files\MiniTool ShadowMaker\AgentService.exe => Brak pliku
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp: