CloseProcesses:
CreateRestorePoint:
EmptyTemp:
VirusTotal: C:\ProgramData\Microsoft\Windows\EventSvc\work0.exe
VirusTotal: C:\Users\Lukasz\AppData\Local\NtvHost\syssvc.exe
VirusTotal: C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe
(CloudBees, Inc.) C:\Users\Lukasz\AppData\Local\NtvHost\syssvc.exe
(CloudBees, Inc.) C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe
( ) C:\ProgramData\Microsoft\Windows\EventSvc\work0.exe
R2 EventSvc; C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe [360448 2018-07-24] (CloudBees, Inc.) [File not signed] <==== ATTENTION
R2 SysSvc; C:\Users\Lukasz\AppData\Local\NtvHost\syssvc.exe [360448 2018-07-24] (CloudBees, Inc.) [File not signed]
2018-08-24 18:07 - 2018-08-24 18:08 - 000000000 ____D C:\Users\Lukasz\AppData\Local\GoogleChromeUserData
2018-08-24 18:06 - 2018-08-24 18:08 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2018-08-24 18:06 - 2018-08-24 18:08 - 000000000 ____D C:\Users\Lukasz\AppData\Local\NtvHost
2018-08-24 18:06 - 2018-08-24 18:07 - 000000000 ____D C:\Users\Lukasz\AppData\Local\GoogleChromeApplication
2018-08-24 18:06 - 2018-08-24 18:06 - 000001329 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоoglе Chrоmе.lnk
2018-08-24 18:06 - 2018-08-24 18:06 - 000000000 ____D C:\Users\Lukasz\AppData\Roaming\SPI
2018-08-24 18:06 - 2018-08-24 18:06 - 000000000 ____D C:\Users\Lukasz\AppData\Roaming\Browsers
2018-08-24 18:05 - 2018-08-24 18:06 - 002332570 _____ (Lipocitaru ) C:\Users\Lukasz\Downloads\JavaSetup_1198061643.exe
C:\Users\Lukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Exрlorеr.lnk
C:\Users\Lukasz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhromе.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоoglе Chrоmе.lnk
FilesInDirectory: C:\Users\Lukasz\AppData\Local\*.exe;*.dll;*.ini
FilesInDirectory: C:\Users\Lukasz\AppData\Roaming\*.exe;*.dll;*.ini