CreateRestorePoint:
CloseProcesses:
EmptyTemp:
File: C:\ProgramData\DeleteFile.exe
HKLM-x32\...\Run: [kbdsprt] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\...\MountPoints2: {76d9ebfb-7f3f-11e6-8253-d07e357d2f66} - "H:\OriginSetup.exe"
HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\...\MountPoints2: {76d9ec0d-7f3f-11e6-8253-d07e357d2f66} - "I:\SETUP.EXE"
HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\...\MountPoints2: {79505bb4-def5-11e6-8269-448a5bf2e290} - "G:\autorun.exe"
HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\...\MountPoints2: {95647895-d614-11e9-82e3-d07e357d2f66} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\...\MountPoints2: {a7b019db-9cd8-11e8-82ae-d07e357d2f66} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\...\MountPoints2: {ac1b431c-c5c2-11e8-82b1-d07e357d2f66} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\...\MountPoints2: {c72da580-475e-11e9-82d2-d07e357d2f66} - "G:\AutoRun.exe"
HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\...\MountPoints2: {d8f14d9d-1465-11e8-829c-d07e357d2f66} - "G:\HiSuiteDownLoader.exe"
GroupPolicy: Ograniczenia ? <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Task: {046156CD-D45A-4299-BBDF-98C429BC0B85} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe (Brak pliku)
Task: {1441D529-F168-4515-A848-84C3E3600B74} - System32\Tasks\{8565A12A-9E3F-4EC6-8FE4-B64B73D5E0C2} => C:\Windows\system32\pcalua.exe -a "C:\Users\bEEExx\Desktop\Uro dawida\PC-Receiver-v2.02\Software\setupstb.exe" -d "C:\Users\bEEExx\Desktop\Uro dawida\PC-Receiver-v2.02\Software"
Task: {38BABE32-3327-4058-84F3-81C3CE4F59F4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (Brak pliku)
Task: {A05DC1F0-B6CC-4827-8410-EC86D02B9D88} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [1835112 2020-02-19] () [Brak podpisu cyfrowego]
Task: {CD4E2280-B4B9-4DAC-88E7-BDB9CB1C00A2} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\bEEExx\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-04-24] (ESET, spol. s r.o. -> ESET)
Task: {D8E1B9AD-3757-40F3-AC82-513B93EEEA27} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\bEEExx\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-04-24] (ESET, spol. s r.o. -> ESET)
Tcpip\..\Interfaces\{63462549-4094-4D60-9AC4-8B91B82F5714}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{A038353E-B14E-4AB0-8BCC-DB0964312E58}: [DhcpNameServer] 8.8.8.8
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => nie znaleziono
FF Plugin-x32: @google.com/npwebplugin -> C:\Windows\system32\npwebplugin.dll [Brak pliku]
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
U4 dmwappushservice; Brak ImagePath
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]
2022-04-24 10:17 - 2022-04-24 11:13 - 000000000 ____D C:\Users\bEEExx\AppData\Local\b7ca1994-c6b6-458d-b3e8-e39e7bfc28be
2022-04-24 10:17 - 2022-04-24 11:13 - 000000000 ____D C:\Users\bEEExx\AppData\Local\8c4d3f44-be2b-419b-8118-59714f1f5794
2022-04-24 10:17 - 2022-04-24 10:17 - 000000000 ____D C:\Users\bEEExx\AppData\Local\Yandex
2022-04-24 10:17 - 2022-04-24 10:17 - 000000000 ____D C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ
2022-04-24 10:16 - 2022-04-24 11:28 - 000000000 ____D C:\Users\bEEExx\AppData\Roaming\ZYmJU
2022-04-24 10:16 - 2022-04-24 11:28 - 000000000 ____D C:\Users\bEEExx\AppData\Roaming\shftool
2022-04-24 10:16 - 2022-04-24 10:17 - 000000000 ____D C:\Users\bEEExx\AppData\Roaming\zBTjz4PLT
2022-04-24 10:16 - 2022-04-24 10:16 - 000000000 ____D C:\Users\bEEExx\AppData\Roaming\Vobaticu
2022-04-24 10:16 - 2022-04-24 10:16 - 000000000 ____D C:\Program Files (x86)\installeras
2022-04-24 10:11 - 2022-04-24 10:11 - 000000000 ____D C:\ProgramData\OLD5RBJU34LT5JAEQP4
2022-04-24 10:10 - 2022-04-24 10:10 - 000000000 ____D C:\ProgramData\FDSNSVVJ11J042CD3IY
2011-04-01 11:57 - 2011-04-01 11:57 - 000247136 _____ () C:\ProgramData\DeleteFile.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
AlternateDataStreams: C:\ProgramData\TEMP:C5CC2549 [147]
AlternateDataStreams: C:\Users\Public\AppData:CSM [458]
HKLM\...\.scr: => <==== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2715589076-1543575505-3553250503-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Brak nazwy -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Brak pliku
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Brak pliku
FirewallRules: [{BEC8F150-0875-412E-BABB-8FB341FE7122}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Brak pliku
FirewallRules: [{B1A26C05-C74D-42E1-900A-95224E3E4637}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Brak pliku
FirewallRules: [{5F90469F-3458-45E9-B2E7-871C1D8EC028}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Brak pliku
FirewallRules: [{7888FA0D-44AD-4A59-A298-5BC39FB54468}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Brak pliku
FirewallRules: [TCP Query User{8E621B21-BF9C-4DC4-9387-275E219DE227}C:\users\beeexx\desktop\one\anydesk.exe] => (Allow) C:\users\beeexx\desktop\one\anydesk.exe => Brak pliku
FirewallRules: [UDP Query User{75F94E82-00CA-4A9E-83AC-90C482FE885B}C:\users\beeexx\desktop\one\anydesk.exe] => (Allow) C:\users\beeexx\desktop\one\anydesk.exe => Brak pliku
FirewallRules: [{5ADF9B9A-160B-442B-8030-E72DEDB0B988}] => (Block) C:\users\beeexx\desktop\one\anydesk.exe => Brak pliku
FirewallRules: [{705F827B-D7AD-4733-9A5E-59480592CB25}] => (Block) C:\users\beeexx\desktop\one\anydesk.exe => Brak pliku
RemoveProxy:
Hosts:
CMD: dir /a "C:\ProgramData"
CMD: dir /a "C:\Users\bEEExx\AppData\Local"
CMD: dir /a "C:\Users\bEEExx\AppData\Roaming"