CreateRestorePoint:
CloseProcesses:
EmptyTemp:
Hosts:
HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4615376 2020-01-31] (Microsoft Windows -> Microsoft Corporation) <==== UWAGA
HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4615376 2020-01-31] (Microsoft Windows -> Microsoft Corporation) <==== UWAGA
HKU\S-1-5-21-4215108683-3593633012-1172674551-1001\...\MountPoints2: {f6428d52-0680-11ea-a7b4-50b7c38b6341} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4215108683-3593633012-1172674551-1001\...\MountPoints2: {f6428dfc-0680-11ea-a7b4-50b7c38b6341} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4215108683-3593633012-1172674551-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4615376 2020-01-31] (Microsoft Windows -> Microsoft Corporation) <==== UWAGA
HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4615376 2020-01-31] (Microsoft Windows -> Microsoft Corporation) <==== UWAGA
Task: {587C46EE-62C7-4E26-9479-2A231E44E852} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
HKU\S-1-5-21-4215108683-3593633012-1172674551-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKU\S-1-5-21-4215108683-3593633012-1172674551-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-4215108683-3593633012-1172674551-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
2020-03-18 19:47 - 2019-05-21 18:39 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-03 13:50 - 2017-12-03 13:50 - 000000000 _____ () C:\Users\Fabian M\AppData\Roaming\gdfw.log
2017-12-03 13:50 - 2017-12-03 13:50 - 000000779 _____ () C:\Users\Fabian M\AppData\Roaming\gdscan.log
CustomCLSID: HKU\S-1-5-21-4215108683-3593633012-1172674551-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Fabian M\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-4215108683-3593633012-1172674551-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Fabian M\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-4215108683-3593633012-1172674551-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Fabian M\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => Brak pliku
AlternateDataStreams: C:\Users\Fabian M\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
FirewallRules: [{06D39D80-86E6-4A4F-8F15-457228B277D5}] => (Allow) C:\Srar Wars\GameData\sweaw.exe Brak pliku
FirewallRules: [{801E8125-C7B3-4CFE-BB75-934D9A8BBCCF}] => (Allow) C:\Srar Wars\GameData\sweaw.exe Brak pliku
FirewallRules: [{881D243E-10C8-4C9F-BEE3-41574D90B6BB}] => (Allow) %systemroot%\system32\alg.exe Brak pliku
FirewallRules: [{BD5EA8E4-F545-40AB-B721-DCABBCE4F3EE}] => (Allow) %systemroot%\system32\alg.exe Brak pliku
FirewallRules: [{90BD909A-3985-4104-9A00-F2EA6EA70E5B}] => (Allow) %systemroot%\system32\alg.exe Brak pliku