CloseProcesses:
CreateRestorePoint:
C:\Program Files\OVPX02Y6UN\OVPX02Y6U.exe
C:\Users\Ania\AppData\Local\Temp\is-9P2P1.tmp\ehialux334y.tmp
HKLM\...\Run: [SERVICE] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3273356874-3823358916-4144473172-1000\...\Run: [SilentDew] => C:\Windows\rss\csrss.exe [3681280 2018-02-04] () <==== UWAGA
HKU\S-1-5-21-3273356874-3823358916-4144473172-1000\...\Run: [9912577] => C:\Users\Ania\AppData\Roaming\jpmfzjesn4c\ehialux334y.exe [755767 2018-02-04] ( )
HKU\S-1-5-21-3273356874-3823358916-4144473172-1000\...\Run: [ZT6THI2MFYVYVJF] => C:\Program Files\OVPX02Y6UN\OVPX02Y6U.exe [668672 2018-02-04] ()
HKU\S-1-5-21-3273356874-3823358916-4144473172-1000\...\MountPoints2: H - H:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3273356874-3823358916-4144473172-1000\...\MountPoints2: {011149e2-fd2c-11e7-b740-dc0ea146e4c1} - H:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3273356874-3823358916-4144473172-1000\...\MountPoints2: {45cef37f-f241-11e7-a3b4-b40194de32a4} - "H:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-3273356874-3823358916-4144473172-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\ProgramData\DreamScreen\DreamCompress.scr
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
ShellExecuteHooks: Brak nazwy - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\Users\Ania\AppData\Roaming\tmp546.dat [2308096 2017-12-06] ()
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
HKU\S-1-5-21-3273356874-3823358916-4144473172-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYoyD360eqCRJRgTpuZ53rMPyCe4OfYbzvQaXWUY8ytb17KA7xERWTPM1Gk3CgECyZDeIDCbd6Eg8BQS-npV5lHPz2FLEHbY4ULrW_N-NaSPh9UDPzZtJWi8AHonjJXZhlHwp9l-zM90wknA7PeL6X5bKjGMw,,&q={searchTerms}
HKU\S-1-5-21-3273356874-3823358916-4144473172-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYoyD360eqCRJRgTpuZ53rMPyCe4OfYbzvQaXWUY8ytb17KA7xERWTPM1Gk3CgECyZPhjPITDTZWEu64dO5oUHgLqIY7i-2Cor9EvdR5dkioos-kmPdPbul4UkzJgW0UTRgObxeYWPGzf-7JZ4yPogPnZUK4g,,
HKU\S-1-5-21-3273356874-3823358916-4144473172-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYoyD360eqCRJRgTpuZ53rMPyCe4OfYbzvQaXWUY8ytb17KA7xERWTPM1Gk3CgECyZDY7007F6m-AX2V2QYudoJhZBP7gLcwtvmtWdAaMY1naZYFe7MyNPJLJMewLYn71XYeCwbqTMV55fS7Fbqhg2g9SCf3A,,
R2 WinDefender; C:\Windows\windefender.exe [0 ] () <==== UWAGA (zerobajtowy plik/folder)
R3 Winmon; C:\Windows\System32\drivers\Winmon.sys [0 ] () <==== UWAGA (zerobajtowy plik/folder)
R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 ] (Windows (R) Win 7 DDK provider) <==== UWAGA (zerobajtowy plik/folder)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2018-02-04 20:17 - 2018-02-04 20:38 - 000000000 ____D C:\AdwCleaner
nointegritychecks: ==> "IntegrityChecks" [funkcja wyłączona] <==== UWAGA
C:\Program Files\OVPX02Y6UN
CloudNet (HKU\S-1-5-21-3273356874-3823358916-4144473172-1000\...\CloudNet) (Version: 20170301 - EpicNet Inc.) <==== UWAGA
Task: {46143D5B-EB2C-4D2F-8E6B-C4C62518C2F7} - System32\Tasks\{0B70BC55-6E34-4CC8-A957-48E0AC0AF7C6} => C:\Windows\system32\pcalua.exe -a "C:\Users\Ania\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -c /uninstall
Task: {622285B6-B1E6-47CD-8D2D-45713BAF3226} - System32\Tasks\{BB4C51BB-919A-44A4-8EF0-BA317C359EDC} => C:\Windows\system32\pcalua.exe -a "C:\Users\Ania\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -c /uninstall
2018-02-04 19:26 - 2017-12-06 13:27 - 002308096 ___SH () C:\Users\Ania\AppData\Roaming\tmp546.dat
FirewallRules: [{645EAF20-C891-4645-9041-6C43577D3378}] => (Allow) C:\Users\Ania\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
EmptyTemp:
Hosts: