CloseProcesses:
CreateRestorePoint:
EmptyTemp:
VirusTotal: C:\WINDOWS\System32\mracsvc.exe
VirusTotal: C:\Users\MateuszR\AppData\Roaming\uhCicyoa.exe
HKU\S-1-5-21-4060035999-110647326-3503328423-1001\...\MountPoints2: H - "H:\setup\rsrc\Autorun.exe"
HKU\S-1-5-21-4060035999-110647326-3503328423-1001\...\MountPoints2: I - "I:\Setup.exe"
HKU\S-1-5-21-4060035999-110647326-3503328423-1001\...\MountPoints2: K - "K:\Setup.exe"
HKU\S-1-5-21-4060035999-110647326-3503328423-1001\...\MountPoints2: {44942ab1-9bb0-11e7-beab-902b34a7688a} - "H:\Autorun.exe"
HKU\S-1-5-21-4060035999-110647326-3503328423-1001\...\MountPoints2: {44942aec-9bb0-11e7-beab-902b34a7688a} - "H:\Autorun.exe"
HKU\S-1-5-21-4060035999-110647326-3503328423-1001\...\MountPoints2: {b65bbd52-3673-11e8-bf13-902b34a7688a} - "G:\HiSuiteDownLoader.exe"
Tcpip\..\Interfaces\{01b21b7b-2a6b-4072-b83c-4611bca1fc9e}: [DhcpNameServer] 77.91.63.252 77.91.63.250
Handler: WSKVAllmytubechrome - Brak wartości CLSID
CHR HKU\S-1-5-21-4060035999-110647326-3503328423-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [10395248 2018-05-08] (LLC Mail.Ru)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [9623160 2018-05-08] (LLC Mail.Ru)
S1 MpKsl8b4a530e; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{23DC15EE-9F46-43AF-9618-1AD032FC1F39}\MpKsl8b4a530e.sys [X]
S3 X6va064; \??\C:\WINDOWS\SysWOW64\Drivers\X6va064 [X]
2016-07-16 13:43 - 2016-07-16 13:43 - 000058368 ____N (Microsoft Corporation) C:\Users\MateuszR\AppData\Roaming\uhCicyoa.exe
2016-07-16 13:43 - 2016-07-16 13:43 - 000177152 ____N (Microsoft Corporation) C:\Users\MateuszR\AppData\Local\IBmYX.exe
2016-07-16 13:43 - 2016-07-16 13:43 - 000058368 ____N (Microsoft Corporation) C:\Users\MateuszR\AppData\Local\qiomE.exe
HKU\S-1-5-21-4060035999-110647326-3503328423-1001\...\ChromeHTML: -> <==== UWAGA
CustomCLSID: HKU\S-1-5-21-4060035999-110647326-3503328423-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5E11DD169709}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Brak pliku
Task: {13DE3F66-7BE3-495D-A42F-F1FDB5247574} - System32\Tasks\{17FE2EDA-4C83-4190-AAB1-4A750BD6ACE3} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\MateuszR\Downloads\ESport Manager Setup.exe" -d C:\Users\MateuszR\Downloads
Task: {BF79A383-BD0E-4DBE-A5B4-A1279667E9DF} - System32\Tasks\{E0D00BA0-982F-486A-B84A-3BFEF868C7F5} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\MateuszR\Downloads\ESport Manager Setup (1).exe" -d C:\Users\MateuszR\Downloads
Task: {F11B2323-C9E5-474B-8255-8A0D0AE76B3A} - System32\Tasks\{0A5AB291-8336-9EB2-357A-4B754C76B0A9} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://style-mod.net/cl/?guid=u2uus4k9en58brikjd26t2js6jyacqcx&prid=1&pid=4_1324_0
AlternateDataStreams: C:\Users\Public\AppData:CSM [462]
HKU\S-1-5-21-4060035999-110647326-3503328423-1001\Software\Classes\regfile: regedit.exe "%1" <==== UWAGA
FirewallRules: [TCP Query User{9E1DCE4C-68F9-4BAF-9443-39A2F3178757}C:\users\mateuszr\appdata\local\gamerhash\miners\claymore_cryptonote_v1\nscpucnminer64.gh] => (Allow) C:\users\mateuszr\appdata\local\gamerhash\miners\claymore_cryptonote_v1\nscpucnminer64.gh
FirewallRules: [UDP Query User{E2A51D0B-A197-4184-8981-EF535B5EA44A}C:\users\mateuszr\appdata\local\gamerhash\miners\claymore_cryptonote_v1\nscpucnminer64.gh] => (Allow) C:\users\mateuszr\appdata\local\gamerhash\miners\claymore_cryptonote_v1\nscpucnminer64.gh
FirewallRules: [{A216512A-D341-464E-B1B1-82AE401807B5}] => (Allow) C:\Users\MateuszR\AppData\Roaming\uhCicyoa.exe
FirewallRules: [{FD8398E7-8C70-430A-B7E5-AB4CC0BBF067}] => (Allow) C:\Users\MateuszR\AppData\Local\qiomE.exe
CMD: dir /a "C:\Users\MateuszR\AppData\Roaming"
CMD: dir /a "C:\Users\MateuszR\AppData\Local"
CMD: ipconfig /flushdns
Hosts: