CreateRestorePoint:
CloseProcesses:
EmptyTemp:
File: C:\cleanup.exe
HKLM-x32\...\RunOnce: [Cleanup] => C:\cleanup.exe [19286 2021-06-10] () [Brak podpisu cyfrowego]
HKU\S-1-5-21-2494838212-729635822-1952555144-1000\...\Run: [SteamServerBrowser] => C:\Users\Q\AppData\Roaming\SteamServerBrowser\SteamServerBrowser.exe [289304 2021-04-26] (Lyrha Software Technologies Inc. -> ) <==== UWAGA
HKU\S-1-5-21-2494838212-729635822-1952555144-1000\Software\Policies\...\system: [disablecmd] 0
HKU\S-1-5-21-2494838212-729635822-1952555144-1000\...\MountPoints2: {386c5fe0-7042-11ea-9295-ba4034001b84} - D:\AutoRun.exe
HKU\S-1-5-21-2494838212-729635822-1952555144-1000\...\MountPoints2: {79840bde-7e72-11eb-847c-4ccc6ad81be2} - 华为手机助手安装向导.exe
HKU\S-1-5-21-2494838212-729635822-1952555144-1000\...\MountPoints2: {947b2988-324a-11eb-a5e6-4ccc6ad81be2} - 华为手机助手安装向导.exe
Startup: C:\Users\Q\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamerHash.lnk [2021-02-07]
ShortcutTarget: GamerHash.lnk -> C:\Users\Q\AppData\Local\GamerHash\GamerHashLauncher.exe (CoinAxe sp. z o.o. -> )
BootExecute: autocheck autochk * bddel.exe
Task: {360ABA9D-6B00-4AA3-AF78-F8E7A18194BB} - System32\Tasks\{F2B44948-A792-4B28-A7BD-479512E0086F} => C:\Windows\system32\pcalua.exe -a "G:\Act of War Zlota Edycja\Act of War Direct Action\AOWEditor.exe" -d "G:\Act of War Zlota Edycja\Act of War Direct Action"
Task: {7357400C-4599-4F38-AB8D-AB97EF9035DD} - System32\Tasks\wufuc.{72EEE38B-9997-42BD-85D3-2DD96DA17307} => "C:\Windows\system32\rundll32.exe" "C:\Program Files\wufuc\wufuc64.dll",RUNDLL32_Start
Task: {ACCF0FF4-9E2C-4B14-BB0C-696AD0B9DF4D} - System32\Tasks\{81F631A4-7C0F-43D4-B0D8-E8F737952300} => C:\Windows\system32\pcalua.exe -a I:\autorun.exe -d I:\
Task: {B145178B-9E49-4899-A162-D3DA4BA64FAE} - System32\Tasks\Opera scheduled Autoupdate 1563224549 => C:\Users\Q\AppData\Local\Programs\Opera\launcher.exe [2199760 2021-06-02] (Opera Software AS -> Opera Software)
Tcpip\..\Interfaces\{0e4e2be7-d5f9-43bb-addb-15e39fc31683}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{215d05a8-19de-432b-9c65-a710e86aed40}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{3daaff6f-9937-46b1-8e17-8d634b1e68e3}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7CC0686E-FC4C-4377-858F-EAD2CC637B99}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{8E98D63A-4969-4D69-B1C6-8367034894A6}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A0EECD07-F2E1-4CCC-A66E-F36C95E4BA40}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{a5d9db7b-a0eb-4824-a9b1-5b85925c1fd7}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{DE539556-39CB-4A6D-9D2D-B79D7871C386}: [DhcpNameServer] 192.168.42.129
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
S2 amdacpusrsvc; "C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe" [X]
S0 hgxna; C:\Windows\SysWOW64\drivers\sxnqf.sys [61440 2021-06-10] () [Brak podpisu cyfrowego]
S0 khpexm; C:\Windows\SysWOW64\drivers\xvap.sys [61440 2021-06-10] () [Brak podpisu cyfrowego]
S0 ocog; C:\Windows\SysWOW64\drivers\gyjzfqo.sys [61440 2021-06-10] () [Brak podpisu cyfrowego]
U0 xhffym; C:\Windows\SysWOW64\drivers\kupepp.sys [61440 2021-06-10] () [Brak podpisu cyfrowego]
S3 cpuz149; \??\C:\Windows\temp\cpuz149\cpuz149_x64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 RTCore64; \??\F:\System i Wydajnoœæ\MSI Afterburner\Legacy\RTCore64.sys [X]
R3 WinRing0_1_2_0; \??\C:\MSI\Gaming APP\MODAPI.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2021-06-10 23:43 - 2021-06-10 23:43 - 000135168 _____ C:\zip.exe
2021-06-10 23:43 - 2021-06-10 23:43 - 000061440 _____ C:\Windows\SysWOW64\Drivers\kupepp.sys
2021-06-10 23:43 - 2021-06-10 23:43 - 000019286 _____ C:\cleanup.exe
2021-06-10 23:43 - 2021-06-10 23:43 - 000000574 _____ C:\cleanup.bat
2021-06-10 23:43 - 2021-06-10 23:43 - 000000050 _____ C:\Program Files (x86)\frkooaq.txt
2021-06-10 23:35 - 2021-06-10 23:35 - 000061440 _____ C:\Windows\SysWOW64\Drivers\sxnqf.sys
2021-06-10 23:35 - 2021-06-10 23:35 - 000000050 _____ C:\Windows\SysWOW64\jesayuxm.txt
2021-06-10 23:34 - 2021-06-10 23:34 - 000061440 _____ C:\Windows\SysWOW64\Drivers\gyjzfqo.sys
2021-06-10 23:34 - 2021-06-10 23:34 - 000000050 _____ C:\Windows\rnzeg.txt
2021-06-10 23:31 - 2021-06-10 23:31 - 000061440 _____ C:\Windows\SysWOW64\Drivers\xvap.sys
2021-06-10 23:31 - 2021-06-10 23:31 - 000000050 _____ C:\Windows\vuhb.txt
2021-06-10 22:27 - 2021-06-10 22:27 - 000000000 ____D C:\Windows\erdnt
2021-06-10 23:43 - 2021-06-10 23:43 - 000000050 _____ () C:\Program Files (x86)\frkooaq.txt
2021-06-10 23:43 - 2021-06-10 23:43 - 000019286 _____ C:\cleanup.exe
2021-06-10 23:43 - 2021-06-10 23:43 - 000135168 _____ C:\zip.exe
2006-01-02 16:51 - 2006-01-02 16:51 - 001850880 _____ C:\Windows\setup_rangers_2.exe
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
AlternateDataStreams: C:\Users\Q:Heroes & Generals [38]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [490]
AlternateDataStreams: C:\Users\Q\Dane aplikacji:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\Q\ntuser.ini:NTV [12884]
AlternateDataStreams: C:\Users\Q\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2494838212-729635822-1952555144-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE trusted site: HKU\S-1-5-21-2494838212-729635822-1952555144-1000\...\sharepoint.com -> hxxps://wsisizwit-files.sharepoint.com
FirewallRules: [TCP Query User{83E6EB5A-D09E-4F2A-90DC-8810C6CD4E84}C:\users\q\appdata\local\gamerhash\miners\gminer_v8\miner.gh] => (Allow) C:\users\q\appdata\local\gamerhash\miners\gminer_v8\miner.gh () [Brak podpisu cyfrowego]
FirewallRules: [UDP Query User{D96F3245-CA25-4AE5-A581-43A28C5384C7}C:\users\q\appdata\local\gamerhash\miners\gminer_v8\miner.gh] => (Allow) C:\users\q\appdata\local\gamerhash\miners\gminer_v8\miner.gh () [Brak podpisu cyfrowego]
FirewallRules: [{2D4A6CE2-D4EF-48C4-8566-0D3B4B9A9ED0}] => (Allow) LPort=26789
RemoveProxy:
Hosts: