CloseProcesses:
CreateRestorePoint:
EmptyTemp:
Task: {0D0CC0B6-7F2D-434A-BAB7-59A6198CEBB1} - System32\Tasks\FastDataX Task => C:\Program Files (x86)\FastDataX\FastDataX.exe [2018-01-08] () <==== UWAGA
Task: {2A266163-9E69-4C09-A05C-9A0E84A63644} - System32\Tasks\{7789FAC3-B0A2-44A7-B577-9C3089EC7745} => C:\Windows\AeaXngem.exe [1623-04-04] (Microsoft Corporation)
Task: {55513120-5A64-494B-895F-DBD2F671AE71} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2765039487-2702460980-1030939640-1000
Task: {8C660D55-3CE1-43CB-9E45-63DAEDBBD287} - System32\Tasks\{09EFC5AB-D230-AB81-74D2-4D2309EFC5AB} => C:\Program Files (x86)\Hearthstone\v9.1.50366\Hearthstone Beta Launcher.exe [2018-01-12] ()
Task: {AD3D1D0E-3EFC-472B-BBA7-B1477BE6CE11} - System32\Tasks\{D2309EFC-AB81-74D2-4D23-1674D2309EFC} => C:\Users\User\AppData\Local\Temp\{D2309EFC-AB81-74D2-4D23-1674D2309EFC}\ROPYRmXM.exe [2018-01-12] () <==== UWAGA
Task: {B057AE0D-685E-440B-B4B8-9859B8CC1815} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {D45A83AA-1995-467C-ACEB-41CB1C2CA21F} - System32\Tasks\{C981E46A-2744-463B-8E62-4A63A1F8021B} => C:\Users\User\AppData\Local\yJaKnVIYIXFuR.exe [1623-04-04] (Microsoft Corporation)
Task: C:\Windows\Tasks\{D2309EFC-AB81-74D2-4D23-1674D2309EFC}.job => C:\Users\User\AppData\Local\Temp\{D2309EFC-AB81-74D2-4D23-1674D2309EFC}\ROPYRmXM.exe <==== UWAGA
AlternateDataStreams: C:\Users\Public\AppData:CSM [456]
MSCONFIG\startupreg: backwindow132 => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196818750\backwindow132.exe
MSCONFIG\startupreg: backwindow232 => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196818750\backwindow232.exe
MSCONFIG\startupreg: backwindow32 => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196818750\backwindow32.exe
MSCONFIG\startupreg: backwindow332 => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968138750\backwindow332.exe
MSCONFIG\startupreg: backwindow532 => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968138750\backwindow532.exe
MSCONFIG\startupreg: backwindow632 => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968138750\backwindow632.exe
MSCONFIG\startupreg: lansys32 => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18617711\lansys32.exe
MSCONFIG\startupreg: lliseconc8 => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196852800\lliseconc8.exe
MSCONFIG\startupreg: msiql => C:\Users\User\AppData\Local\Temp\00025848\msiql.exe /RUNNING
MSCONFIG\startupreg: Optimizer.exe => "C:\Users\User\AppData\Local\Optimizer\Optimizer.exe"
MSCONFIG\startupreg: Sidebars => C:\Users\User\AppData\Roaming\winampes.exe
MSCONFIG\startupreg: systimwindow32 => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968152800\systimwindow32.exe
MSCONFIG\startupreg: THIS IS WIIIGET! => C:\Users\User\AppData\Roaming\Microsoft\beisvjej\jrvuigfb.exe
FirewallRules: [TCP Query User{36D0E832-2D9A-41FB-A61D-8409D7AF5B82}C:\users\user\appdata\local\gamerhash\miners\claymore_cryptonote_v1\nscpucnminer64.gh] => (Allow) C:\users\user\appdata\local\gamerhash\miners\claymore_cryptonote_v1\nscpucnminer64.gh
FirewallRules: [UDP Query User{D9BDDE0C-DAD4-4B2F-B0BC-9A9C386F22E8}C:\users\user\appdata\local\gamerhash\miners\claymore_cryptonote_v1\nscpucnminer64.gh] => (Allow) C:\users\user\appdata\local\gamerhash\miners\claymore_cryptonote_v1\nscpucnminer64.gh
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Run: [THIS IS WIIIGET!] => C:\Users\User\AppData\Roaming\Microsoft\beisvjej\jrvuigfb.exe [119808 2018-01-12] ()
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Run: [lliseconc8] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196852800\lliseconc8.exe [154112 2018-03-07] (toxity)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Run: [backwindow32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196818750\backwindow32.exe [155136 2018-03-07] (toxity)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Run: [backwindow632] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968138750\backwindow632.exe [151552 2018-03-07] (toxity)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Run: [backwindow332] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968138750\backwindow332.exe [154112 2018-03-07] (toxity)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Run: [backwindow232] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196818750\backwindow232.exe [156160 2018-03-07] (toxity)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Run: [lansys32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18617711\lansys32.exe [154624 2018-03-07] (toxity)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Run: [backwindow132] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196818750\backwindow132.exe [158208 2018-03-07] (toxity)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Run: [backwindow532] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968138750\backwindow532.exe [155648 2018-03-07] (toxity)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Run: [systimwindow32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968152800\systimwindow32.exe [153600 2018-03-07] (toxity)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Run: [Hearthstone Beta Launcher] => C:\Program Files (x86)\Hearthstone\v9.1.50366\Hearthstone Beta Launcher.exe [292864 2018-01-12] ()
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\RunOnce: [backwindow532] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968138750\backwindow532.exe [155648 2018-03-07] (toxity)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\RunOnce: [systimwindow32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968152800\systimwindow32.exe [153600 2018-03-07] (toxity)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\RunOnce: [lansys32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18617711\lansys32.exe [154624 2018-03-07] (toxity)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\RunOnce: [lliseconc8] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196852800\lliseconc8.exe [154112 2018-03-07] (toxity)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\RunOnce: [backwindow132] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196818750\backwindow132.exe [158208 2018-03-07] (toxity)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\RunOnce: [backwindow232] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196818750\backwindow232.exe [156160 2018-03-07] (toxity)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\RunOnce: [backwindow632] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968138750\backwindow632.exe [151552 2018-03-07] (toxity)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\RunOnce: [backwindow32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196818750\backwindow32.exe [155136 2018-03-07] (toxity)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\RunOnce: [backwindow332] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1968138750\backwindow332.exe [154112 2018-03-07] (toxity)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Winlogon: [Shell] explorer.exe, C:\Users\User\AppData\Roaming\DE25E01C-A553-C0F0-1FF2-A9F4C346ED68\a7b0f190-da75-71cb-1ccb-ae35102fc239.exe <==== UWAGA
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamerHash.lnk [2018-02-11]
ShortcutTarget: GamerHash.lnk -> C:\FRST\Quarantine\C\Users\User\AppData\Local\GamerHash\GamerHashLauncher.exe (Brak pliku)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hearthstone Beta Launcher.lnk [2018-01-12]
ShortcutTarget: Hearthstone Beta Launcher.lnk -> C:\Program Files (x86)\Hearthstone\v9.1.50366\Hearthstone Beta Launcher.exe ()
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
Tcpip\Parameters: [DhcpNameServer] 31.11.202.254 37.8.214.2
Tcpip\..\Interfaces\{9FB8A1B0-7156-4E41-990A-08D41F0D0026}: [DhcpNameServer] 31.11.202.254 37.8.214.2
"kghenajz" => serwis został odblokowany. <==== UWAGA
S2 kghenajz; C:\Windows\SysWOW64\kghenajz\wsmsyasj.exe [0 ] () <==== UWAGA (zerobajtowy plik/folder)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
2018-03-07 14:20 - 2018-03-07 16:28 - 000000012 _____ C:\ProgramData\rwi.jhad
2018-03-06 17:34 - 2018-03-06 17:34 - 000028060 _____ C:\Windows\baxijahunimomanepubalapomuwilife tovu
2018-03-06 17:34 - 2018-03-06 17:34 - 000000000 _RSHD C:\Users\User\AppData\Roaming\DE25E01C-A553-C0F0-1FF2-A9F4C346ED68
2018-03-06 17:34 - 2018-03-06 17:34 - 000000000 __SHD C:\Users\User\AppData\Roaming\sn
2018-03-06 17:34 - 2018-03-06 17:34 - 000000000 ____D C:\Windows\SysWOW64\kghenajz
2018-03-06 17:34 - 2018-03-06 17:34 - 000000000 ____D C:\Users\User\AppData\Roaming\filesbo
2018-03-06 17:33 - 2018-03-06 17:57 - 000000000 ____D C:\ProgramData\3467934e-5ad3-0
2018-03-06 17:33 - 2018-03-06 17:57 - 000000000 ____D C:\ProgramData\3467934e-44b5-1
2018-03-06 17:32 - 2018-03-06 17:57 - 000000000 ____D C:\ProgramData\db866caa-50d5-0
2018-03-06 17:32 - 2018-03-06 17:57 - 000000000 ____D C:\ProgramData\db866caa-23d1-1
2018-03-06 17:32 - 2018-03-06 17:32 - 000024554 _____ C:\Windows\yidihopofopazo hujuyevodafobixi
2018-03-06 17:32 - 2018-03-06 17:32 - 000003650 _____ C:\Windows\System32\Tasks\{C981E46A-2744-463B-8E62-4A63A1F8021B}
2018-03-06 17:32 - 2018-03-06 17:32 - 000003566 _____ C:\Windows\System32\Tasks\FastDataX Task
2018-03-06 17:32 - 2018-03-06 17:32 - 000003412 _____ C:\Windows\System32\Tasks\{7789FAC3-B0A2-44A7-B577-9C3089EC7745}
2018-03-06 17:32 - 2018-03-06 17:32 - 000000000 ____D C:\Users\User\AppData\Roaming\OneSystemCare
2018-03-06 17:32 - 2018-03-06 17:32 - 000000000 ____D C:\Users\User\AppData\Roaming\1337
2018-03-06 17:32 - 2018-03-06 17:32 - 000000000 ____D C:\Users\User\AppData\Local\FastDataX
2018-03-06 17:32 - 2018-03-06 17:32 - 000000000 ____D C:\ProgramData\dahjService
2018-03-06 17:32 - 2018-03-06 17:32 - 000000000 ____D C:\Program Files (x86)\Miped
2018-03-06 17:32 - 2018-03-06 17:32 - 000000000 ____D C:\Program Files (x86)\FastDataX
2018-03-06 17:32 - 2018-03-05 22:23 - 001097216 _____ C:\ProgramData\updater.exe
2018-03-06 17:22 - 2018-03-06 17:37 - 000000150 _____ C:\Windows\Reimage.ini
2018-03-01 15:44 - 2018-03-06 15:28 - 000000000 ____D C:\Users\User\AppData\Local\GamerHash
2018-03-01 15:44 - 2018-03-01 15:44 - 000001958 _____ C:\Users\User\Desktop\GamerHash.lnk
2018-03-06 17:41 - 2018-03-07 16:29 - 000000004 _____ () C:\ProgramData\lock.dat
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
Hosts: