CreateRestorePoint:
CloseProcesses:
EmptyTemp:
File: C:\Windows\System32\MsBC27851AApp.dll
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {05ff153f-4bac-11e9-afcc-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {05ff1543-4bac-11e9-afcc-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {0807f9dd-c2a4-11e6-b614-047d7b3c0e49} - E:\autorun.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {16ca8edf-3146-11e6-b598-047d7b3c0e49} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {22cd78f2-e7b7-11e7-bb2a-047d7b3c0e49} - E:\MicroLauncher.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {2907522a-2559-11ea-871f-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {2907522f-2559-11ea-871f-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {2cf6f957-1961-11e9-98b6-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {2dad1b8b-b297-11e9-b470-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {2e1a0ef7-88c3-11e8-9141-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {35078eeb-cd45-11e9-b8a8-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {4c9f7248-3cc0-11e9-af06-047d7b3c0e49} - E:\iLinker.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {568b94ce-72c5-11e8-b909-047d7b3c0e49} - E:\windows\Install\Install.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {578ad6af-1760-11eb-9a42-047d7b3c0e49} - E:\OnePlus_setup.exe /s
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {578ad6c0-1760-11eb-9a42-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {5af18cf1-cd1f-11e8-9227-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {6f585d4b-7e8b-11e8-9125-047d7b3c0e49} - E:\AutoRun.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {74ae695e-4361-11eb-929b-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {74ae6962-4361-11eb-929b-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {791f8911-3418-11e9-a678-047d7b3c0e49} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {791f8915-3418-11e9-a678-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {821e2e4e-3c22-11ea-9411-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {850297cd-5db8-11e9-aec7-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {8e0d0b51-ba9e-11ea-ac4f-047d7b3c0e49} - E:\Setup.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {92ddf0ec-840d-11e8-8eb0-047d7b3c0e49} - E:\AutoRun.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {92ddf0fd-840d-11e8-8eb0-047d7b3c0e49} - E:\AutoRun.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {98a95b08-d020-11e7-8e6f-047d7b3c0e49} - E:\AutoRun.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {98a95b0e-d020-11e7-8e6f-047d7b3c0e49} - E:\AutoRun.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {ac48711c-06d7-11eb-a681-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {c3ef58cd-4335-11ea-8d46-047d7b3c0e49} - E:\Setup.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {cdb9770c-0c57-11eb-b75a-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {cdb97715-0c57-11eb-b75a-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {ce15dd2a-e4bc-11e8-9c39-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {cf88241a-f53d-11e8-b429-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {e6757b5a-cfd5-11ea-837a-047d7b3c0e49} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {e6757b83-cfd5-11ea-837a-047d7b3c0e49} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {ea34baf0-db69-11e9-9033-047d7b3c0e49} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {ea79a9f7-a49d-11ea-bc7a-047d7b3c0e49} - E:\Setup.exe
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\...\MountPoints2: {f1b613e8-1ee0-11e9-8a10-047d7b3c0e49} - E:\Setup.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
Task: {15C3B129-C30C-4427-B522-DC511BE1CB7B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software)
Task: {DAC517E5-CBA3-4452-A38B-77D82CD1F44C} - System32\Tasks\{43E453BD-9EC7-43A4-86A2-C66F7E253DF2} => C:\Windows\system32\pcalua.exe -a C:\Users\toshiba\Desktop\ziphone\Setup.exe -d C:\Users\toshiba\Desktop\ziphone
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Brak pliku]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Brak pliku]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Brak pliku]
HKLM\SYSTEM\ControlSet001\Services\MsBC27851AApp => C:\Windows\System32\MsBC27851AApp.dll <==== UWAGA (Rootkit!/Zablokowana usługa)
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\New TunesGo\DriverInstall.exe" [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
NETSVC: MsBC27851AApp -> Brak ścieżki do pliku.
FCheck: C:\Windows\system32\jdns_sd.dll [2019-06-12] <==== UWAGA (zerobajtowy plik/folder)
CustomCLSID: HKU\S-1-5-21-1851017888-1038024472-3138641645-1000_Classes\CLSID\{30BFA329-5E6D-D868-FA23-C631D214C2CE}\InprocServer32 -> C:\Program Files (x86)\Common Files\System\ole32.dll => Brak pliku
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [194]
HKU\S-1-5-21-1851017888-1038024472-3138641645-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C8B398E4-7733-41F1-AECD-B6CCF2D07436}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe => Brak pliku
FirewallRules: [{234A88B7-ADF4-4334-8D7B-31B44206F391}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe => Brak pliku
FirewallRules: [{7D940413-FBC2-4F59-9693-F3FD4756A2B5}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe => Brak pliku
FirewallRules: [{6DABDF73-1040-43E9-B7CF-33D404E626D7}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe => Brak pliku
FirewallRules: [{99EE1012-EE6E-40BA-8DC3-8DE2E121EB19}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe => Brak pliku
FirewallRules: [{E299CCBC-E4AA-4851-BFD3-1448762E39F8}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe => Brak pliku
FirewallRules: [TCP Query User{033B03AE-F5D3-4EA7-9730-57AFDD5285C7}C:\program files (x86)\miranda im\miranda32.exe] => (Allow) C:\program files (x86)\miranda im\miranda32.exe => Brak pliku
FirewallRules: [UDP Query User{FA605FAE-B2EC-47B8-BB5D-874B9B8E9ACA}C:\program files (x86)\miranda im\miranda32.exe] => (Allow) C:\program files (x86)\miranda im\miranda32.exe => Brak pliku
FirewallRules: [TCP Query User{7054A8C9-4D68-425D-A449-7BFE3E510F47}C:\program files (x86)\miranda im\miranda32.exe] => (Allow) C:\program files (x86)\miranda im\miranda32.exe => Brak pliku
FirewallRules: [UDP Query User{B160EEDA-9BBC-49CE-AF32-356BBFCBEBE9}C:\program files (x86)\miranda im\miranda32.exe] => (Allow) C:\program files (x86)\miranda im\miranda32.exe => Brak pliku
FirewallRules: [TCP Query User{FEF0C3A5-B7FF-45E0-A923-0AA6C597EA79}C:\users\toshiba\appdata\local\dmp services\delta media player\dmplayer.exe] => (Allow) C:\users\toshiba\appdata\local\dmp services\delta media player\dmplayer.exe => Brak pliku
FirewallRules: [UDP Query User{9032FCB2-D333-48D9-8463-0627EDB8C773}C:\users\toshiba\appdata\local\dmp services\delta media player\dmplayer.exe] => (Allow) C:\users\toshiba\appdata\local\dmp services\delta media player\dmplayer.exe => Brak pliku
FirewallRules: [TCP Query User{544534AA-14F9-4D85-9616-BE2BE72DE396}C:\users\toshiba\downloads\freedownloadmanagerportable\app\freedownloadmanager\fdm.exe] => (Allow) C:\users\toshiba\downloads\freedownloadmanagerportable\app\freedownloadmanager\fdm.exe => Brak pliku
FirewallRules: [UDP Query User{7B13E256-ABA7-49AD-B1C7-0C496442341E}C:\users\toshiba\downloads\freedownloadmanagerportable\app\freedownloadmanager\fdm.exe] => (Allow) C:\users\toshiba\downloads\freedownloadmanagerportable\app\freedownloadmanager\fdm.exe => Brak pliku
FirewallRules: [TCP Query User{6F40D023-1C67-4630-9CCE-CCD65300678D}C:\users\toshiba\downloads\freedownloadmanagerportable\app\freedownloadmanager\fdm.exe] => (Allow) C:\users\toshiba\downloads\freedownloadmanagerportable\app\freedownloadmanager\fdm.exe => Brak pliku
FirewallRules: [UDP Query User{62280A87-5405-40CD-9795-D01620F8847A}C:\users\toshiba\downloads\freedownloadmanagerportable\app\freedownloadmanager\fdm.exe] => (Allow) C:\users\toshiba\downloads\freedownloadmanagerportable\app\freedownloadmanager\fdm.exe => Brak pliku
FirewallRules: [TCP Query User{575A8521-7ED1-49D3-A54E-57F7F168A2E1}C:\users\toshiba\downloads\utorrentportable\app\utorrent\utorrent.exe] => (Allow) C:\users\toshiba\downloads\utorrentportable\app\utorrent\utorrent.exe => Brak pliku
FirewallRules: [UDP Query User{125DE3BA-C19D-4EC3-A524-F7BE6C03C61E}C:\users\toshiba\downloads\utorrentportable\app\utorrent\utorrent.exe] => (Allow) C:\users\toshiba\downloads\utorrentportable\app\utorrent\utorrent.exe => Brak pliku
FirewallRules: [TCP Query User{70B241A6-52BC-4BA2-B646-749FC546BBE9}C:\program files (x86)\mobikin\mobikin assistant for android\3.8.8\bin\androidassistserver.exe] => (Allow) C:\program files (x86)\mobikin\mobikin assistant for android\3.8.8\bin\androidassistserver.exe => Brak pliku
FirewallRules: [UDP Query User{65BE2AEE-08B1-4D25-8311-7067CFED1327}C:\program files (x86)\mobikin\mobikin assistant for android\3.8.8\bin\androidassistserver.exe] => (Allow) C:\program files (x86)\mobikin\mobikin assistant for android\3.8.8\bin\androidassistserver.exe => Brak pliku
FirewallRules: [{4CBC1CC2-F310-4D93-BD5E-69159FE85817}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => Brak pliku
FirewallRules: [{1DD65058-8A6B-452E-A9BC-3AF7C0CB9F67}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Brak pliku
FirewallRules: [{977B7EB5-4FB9-4423-9BA2-945C100B7CD5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Brak pliku
FirewallRules: [{4358471A-2E44-40A9-AA30-1DE4C4B5CE6B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Brak pliku
FirewallRules: [{0AF3949F-A64D-4314-A556-9458DA45EFC6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Brak pliku
FirewallRules: [{54A372CB-5EDE-45E5-9FF8-1806A07F20F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => Brak pliku
FirewallRules: [{30F6C50E-38AA-4A9C-B254-74260C0CB98A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => Brak pliku
FirewallRules: [{54607464-4F1A-4C20-8573-087D32F3B776}] => (Allow) C:\Users\toshiba\AppData\Local\NetboxBrowser\netboxwallet.exe => Brak pliku
FirewallRules: [{ED293D7C-3D54-48FF-B43C-862D54429001}] => (Allow) C:\Users\toshiba\AppData\Local\NetboxBrowser\netboxwallet.exe => Brak pliku
FirewallRules: [{1BB76C15-9A9E-454B-A967-C31E653C0B76}] => (Allow) C:\Users\toshiba\AppData\Local\NetboxBrowser\Application\netboxbrowser.exe => Brak pliku
FirewallRules: [{237F2263-36B5-4E6D-AAAE-E5108E718EFD}] => (Allow) C:\Users\toshiba\AppData\Local\NetboxBrowser\Application\netboxbrowser.exe => Brak pliku
FirewallRules: [TCP Query User{F588AF48-A29B-4966-B9EF-49A3858C4955}C:\users\toshiba\appdata\local\programs\opera\69.0.3686.77\opera.exe] => (Block) C:\users\toshiba\appdata\local\programs\opera\69.0.3686.77\opera.exe => Brak pliku
FirewallRules: [UDP Query User{01AF992E-6B75-4089-B46B-87FCCF7F6295}C:\users\toshiba\appdata\local\programs\opera\69.0.3686.77\opera.exe] => (Block) C:\users\toshiba\appdata\local\programs\opera\69.0.3686.77\opera.exe => Brak pliku
FirewallRules: [TCP Query User{54C4C517-37C9-41DC-97E1-7225BCF617D7}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe
FirewallRules: [UDP Query User{43608F52-9C0D-4F1A-8A21-5C59B7481DEE}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe
FirewallRules: [TCP Query User{0F3A3E43-E208-452C-B9A7-1B58E62430B2}C:\users\toshiba\desktop\riverdale\utorrentportable\app\utorrent\utorrent.exe] => (Allow) C:\users\toshiba\desktop\riverdale\utorrentportable\app\utorrent\utorrent.exe => Brak pliku
FirewallRules: [UDP Query User{5FE17884-2C65-417C-8BB6-0F76051FB17E}C:\users\toshiba\desktop\riverdale\utorrentportable\app\utorrent\utorrent.exe] => (Allow) C:\users\toshiba\desktop\riverdale\utorrentportable\app\utorrent\utorrent.exe => Brak pliku
FirewallRules: [TCP Query User{BE79EEE3-47D6-448F-AA28-D00356AC80FB}C:\users\toshiba\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\toshiba\appdata\local\programs\opera\71.0.3770.284\opera.exe => Brak pliku
FirewallRules: [UDP Query User{3A3CF77A-D8F6-4E2F-836B-51845A2FBD42}C:\users\toshiba\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\toshiba\appdata\local\programs\opera\71.0.3770.284\opera.exe => Brak pliku
FirewallRules: [TCP Query User{6AE064CF-0C1B-4164-88A6-A779CE3B728B}C:\users\toshiba\appdata\local\programs\opera gx\71.0.3770.441\opera.exe] => (Allow) C:\users\toshiba\appdata\local\programs\opera gx\71.0.3770.441\opera.exe => Brak pliku
FirewallRules: [UDP Query User{789ED27C-D670-4BD5-B827-F6B68B0ACAC5}C:\users\toshiba\appdata\local\programs\opera gx\71.0.3770.441\opera.exe] => (Allow) C:\users\toshiba\appdata\local\programs\opera gx\71.0.3770.441\opera.exe => Brak pliku