CloseProcesses:
CreateRestorePoint:
EmptyTemp:
File: C:\Windows\SysWOW64\MsC9D8191AApp.dll
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {61E77EC6-AF9E-4A2A-A8EF-158855DDAFAB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [5046784 2019-09-13] () [File not signed]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1b57ae97-d267-4c83-bab4-251c1725efec}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{4a8b2d30-60f0-4475-af19-2d5bd82d23e6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{95a46ce4-7a40-4452-8711-7f5f315f5daf}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a03d3fc0-650b-43c8-a619-5d47baf81e13}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{ada65052-be7d-11e9-b756-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{e1227add-2724-4c22-9bb7-14dc2696dda6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{e1227add-2724-4c22-9bb7-14dc2696dda6}: [DhcpNameServer] 62.179.1.60 62.179.1.61
Tcpip\..\Interfaces\{edbfc4c6-ccc5-49dc-8c3f-c1a47ca6c659}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{edbfc4c6-ccc5-49dc-8c3f-c1a47ca6c659}: [DhcpNameServer] 192.168.0.1
SearchScopes: HKU\S-1-5-21-1104386370-1592352433-2388674672-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Extension: (book_helper) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnkmgfcjgbdhegcdfomenfdimokpmhob [2019-09-13]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
HKLM\SYSTEM\CurrentControlSet\Services\dump_C9D8191A <==== ATTENTION (Rootkit!)
NETSVC: MsC9D8191AApp -> No File Path.
NETSVC: MsC9D8191AAppA -> No File Path.
NETSVC: MsC9D8191AAppB -> No File Path.
NETSVC: MsC9D8191AAppBak -> No File Path.
NETSVC: MsC9D8191AAppC -> No File Path.
2019-09-13 20:20 - 2019-09-13 20:20 - 000003806 _____ C:\Windows\System32\Tasks\AutoKMS
2019-09-13 20:20 - 2019-09-13 20:20 - 000000000 ____D C:\Windows\AutoKMS
2019-09-13 19:33 - 2019-09-13 19:33 - 000543232 _____ C:\Windows\SysWOW64\MsC9D8191AApp.dll
2019-09-13 19:33 - 2019-09-13 19:33 - 000000266 __RSH C:\Users\ADMIN\ntuser.pol
2019-09-13 19:17 - 2019-09-13 19:17 - 000003258 __RSH C:\ProgramData\ntuser.pol
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKU\S-1-5-21-1104386370-1592352433-2388674672-1000\...\StartupApproved\Run: => "WallpaperHd"
Hosts:
RemoveProxy:
CMD: netsh int ip reset
CMD: ipconfig /flushdns
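After FRST has processed the fixlist and the machine has rebooted, it is worth re-checking independently that every artifact the fixlist targets is actually gone, rather than relying on Fixlog.txt alone. The script below is an added verification example written for this page; it is not part of the fixlist, of FRST, or of the original thread. It only checks the paths, registry keys, service names, task name, interface GUIDs and SID that the fixlist itself lists. Assumptions: it is run from an elevated PowerShell prompt on the affected machine, the user hive for the listed SID is loaded (the user is logged on), the "StartupApproved\Run" entry lives under the standard Explorer key for that hive, and the HKLM-x32 Chrome extension entries live under the standard WOW6432Node Chrome\Extensions key.

```powershell
# Added post-fix verification script (not part of the original fixlist or of FRST).
# Re-checks the artifacts named in the fixlist above and reports anything still present.
# Assumes: elevated prompt, the listed user hive is loaded, standard key locations.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Files and directories the fixlist deletes
$paths = @(
    'C:\Windows\SysWOW64\MsC9D8191AApp.dll',
    'C:\Windows\AutoKMS',
    'C:\Windows\System32\Tasks\AutoKMS',
    'C:\Users\ADMIN\ntuser.pol',
    'C:\ProgramData\ntuser.pol',
    'C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnkmgfcjgbdhegcdfomenfdimokpmhob'
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings.Add("still present: $p") }
}

# 2. Policy keys that restricted Defender, Chrome and Firefox
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender',
    'HKLM:\SOFTWARE\Policies\Google',
    'HKLM:\SOFTWARE\Policies\Mozilla\Firefox'
)
foreach ($k in $policyKeys) {
    if (Test-Path -LiteralPath $k) { $findings.Add("policy key still present: $k") }
}

# 3. Force-installed Chrome extension entries (assumed standard WOW6432Node location)
foreach ($id in 'eofcbnmajmjmplflapaojjnihcjkigck', 'gomekmidlodglbbmalcneegieacbdmki') {
    $extKey = "HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\$id"
    if (Test-Path -LiteralPath $extKey) { $findings.Add("extension key still present: $id") }
}

# 4. Service key flagged as rootkit, plus netsvcs group members that had no image path
if (Test-Path -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services\dump_C9D8191A') {
    $findings.Add('service key still present: dump_C9D8191A')
}
$svchostKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$netsvcs = (Get-ItemProperty -LiteralPath $svchostKey -Name netsvcs -ErrorAction SilentlyContinue).netsvcs
foreach ($name in $netsvcs) {
    if ($name -like 'MsC9D8191AApp*') { $findings.Add("netsvcs still lists: $name") }
}

# 5. Scheduled task that launched the unsigned AutoKMS.exe
if (Get-ScheduledTask -TaskName 'AutoKMS' -ErrorAction SilentlyContinue) {
    $findings.Add('scheduled task still present: AutoKMS')
}

# 6. Static NameServer overrides; once removed, the DhcpNameServer values apply again
$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$globalNs = (Get-ItemProperty -LiteralPath $tcpip -Name NameServer -ErrorAction SilentlyContinue).NameServer
if ($globalNs) { $findings.Add("global NameServer still set: $globalNs") }
Get-ChildItem -LiteralPath "$tcpip\Interfaces" | ForEach-Object {
    $ns = (Get-ItemProperty -LiteralPath $_.PSPath -Name NameServer -ErrorAction SilentlyContinue).NameServer
    if ($ns) { $findings.Add("interface $($_.PSChildName) NameServer still set: $ns") }
}

# 7. StartupApproved\Run entry "WallpaperHd" in the listed user hive (assumed standard Explorer key)
$sid = 'S-1-5-21-1104386370-1592352433-2388674672-1000'
$runKey = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run"
if ((Test-Path -LiteralPath $runKey) -and
    ((Get-ItemProperty -LiteralPath $runKey).PSObject.Properties.Name -contains 'WallpaperHd')) {
    $findings.Add('StartupApproved\Run still lists WallpaperHd')
}

if ($findings.Count -eq 0) { 'All fixlist artifacts are gone.' } else { $findings }
```

Anything the script still reports is a candidate for a second FRST pass; a service name that reappears in the netsvcs list or a NameServer value that comes back after reboot would indicate something the fixlist did not remove is re-creating them.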