CloseProcesses:
CreateRestorePoint:
EmptyTemp:
File: C:\Users\user\AppData\Roaming\euyb.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3187734472-1224757334-2708839159-1001\...\Policies\Explorer: [NoSecurityTab] 1
GroupPolicy: Ograniczenia ? <==== UWAGA
GroupPolicy\User: Ograniczenia ? <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Tcpip\..\Interfaces\{01211a08-c2b8-4924-aeb9-9bd52b53f299}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e40e0e2f-6ffa-4938-a22e-895274cdf9d1}: [DhcpNameServer] 192.168.0.1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-3187734472-1224757334-2708839159-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-3187734472-1224757334-2708839159-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3187734472-1224757334-2708839159-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3187734472-1224757334-2708839159-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
CHR HomePage: Default -> inline.go.mail.ru
CHR HKU\S-1-5-21-3187734472-1224757334-2708839159-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [depbmknhdjibddghlplolccacmdbnkel] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iepoegkaoeljnbhagabakjodgpfniimo] - hxxps://clients2.google.com/service/update2/crx
2019-03-17 17:56 - 2019-03-17 18:00 - 000000000 ____D C:\Users\user\AppData\Local\Mail.Ru
2019-03-17 17:56 - 2019-03-17 17:56 - 000000000 ____D C:\ProgramData\Mail.Ru
2018-12-17 17:17 - 2018-12-17 17:17 - 003400216 _____ (Alexander Roshal) C:\Program Files\winrar-x64-561pl.exe
1601-01-03 21:26 - 1601-01-03 21:26 - 000060416 ____N (Microsoft Corporation) C:\Users\user\AppData\Roaming\euyb.exe
2019-03-17 19:46 - 2019-03-17 19:46 - 006161408 _____ () C:\Users\user\AppData\Local\dump007.dat
2019-03-17 17:56 - 2019-03-17 17:56 - 001597440 _____ () C:\Users\user\AppData\Local\Temp\1552841791104.exe
2019-03-17 17:57 - 2019-03-17 17:57 - 025260414 _____ (TigerTrade ) C:\Users\user\AppData\Local\Temp\7996182614.exe
2019-03-17 19:46 - 2019-03-17 19:46 - 000000000 ____D () C:\Users\user\AppData\Local\Temp\ImagingEngine.dll
2019-03-17 17:57 - 2019-03-17 17:57 - 001023169 _____ (360dev ) C:\Users\user\AppData\Local\Temp\lightcleanerlightcleaner.exe
2019-03-17 17:56 - 2019-03-17 17:56 - 000355832 _____ () C:\Users\user\AppData\Local\Temp\mcasin.exe
2019-03-17 17:56 - 2019-03-17 17:56 - 001252098 _____ ( ) C:\Users\user\AppData\Local\Temp\MultiTimer.exe
2019-03-17 17:56 - 2019-03-17 17:56 - 005012895 _____ () C:\Users\user\AppData\Local\Temp\run_498396.exe
2019-03-17 17:59 - 2019-03-17 17:57 - 000099906 _____ () C:\Users\user\AppData\Local\Temp\Uninstall.exe
Task: {25AA3CF6-A7C9-40A4-AC4C-1C4B8378C835} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineUP => C:\WINDOWS\SysWOW64\Microsoft\Protect\S-1-34-76\RB_1.3.54.47.exe <==== UWAGA
FirewallRules: [UDP Query User{94B6AAD0-7D5E-4465-9A40-DC696314A162}C:\games\the sims 4\game\bin\ts4_x64.exe] => (Block) C:\games\the sims 4\game\bin\ts4_x64.exe Brak pliku
FirewallRules: [TCP Query User{5BA47E1D-671D-473B-8EF0-DCF9F4C08F5F}C:\games\the sims 4\game\bin\ts4_x64.exe] => (Block) C:\games\the sims 4\game\bin\ts4_x64.exe Brak pliku
FirewallRules: [UDP Query User{002D6CA4-93C8-4B17-ACE2-2DEC68695351}C:\games\the sims 4\game\bin\ts4.exe] => (Block) C:\games\the sims 4\game\bin\ts4.exe Brak pliku
FirewallRules: [TCP Query User{13EEB7A8-2D65-4A39-A973-EB63C0292D36}C:\games\the sims 4\game\bin\ts4.exe] => (Block) C:\games\the sims 4\game\bin\ts4.exe Brak pliku
FirewallRules: [TCP Query User{64CAEFE7-755D-4279-B568-95FE1B4B17EF}C:\program files (x86)\the sims 4\game\bin\ts4_x64.exe] => (Block) C:\program files (x86)\the sims 4\game\bin\ts4_x64.exe Brak pliku
FirewallRules: [UDP Query User{E326539D-389C-47FB-85A1-C17890C65B39}C:\program files (x86)\the sims 4\game\bin\ts4_x64.exe] => (Block) C:\program files (x86)\the sims 4\game\bin\ts4_x64.exe Brak pliku
FirewallRules: [TCP Query User{66885A0E-3D4E-40DC-9763-2E90417FDE27}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe Brak pliku
FirewallRules: [UDP Query User{5673D5A6-9372-400D-9352-0ADF66CFA303}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\user\appdata\roaming\spotify\spotify.exe Brak pliku
FirewallRules: [{54E0680A-297D-4E76-886C-ABADB7E822F6}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5D72F0CC-349A-41F5-84EC-9449AF00F162}] => (Allow) C:\Users\user\AppData\Roaming\euyb.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{32C4AF80-951E-4841-91BC-A6BEDD48A3BE}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0C140DB4-BCEF-4B9C-8AD6-F6F96D0BA856}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DE286F55-A98D-45FB-A166-5FCE30541063}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
RemoveProxy: