CloseProcesses:
CreateRestorePoint:
EmptyTemp:
VirusTotal: C:\Users\Tobiasz\AppData\Roaming\WinRAR\Precomp\precomp.exe
Task: {8AF8FED2-917B-4578-81A0-33290DC85180} - System32\Tasks\{07B61603-6441-DDD9-1E76-1A49BCB83905} => C:\Program Files (x86)\Common Files\yzjHUbaKJo.exe [1624-02-24] (Microsoft Corporation)
Task: {A5EB8ABA-9F33-406D-B298-F2E609DF4C72} - System32\Tasks\{D201824E-7SP1-4321-8GH5-LA32311B16CA} => C:\Users\Tobiasz\AppData\Roaming\WinRAR\Precomp\precomp.exe <==== UWAGA
Task: {E7DEF11A-3F9F-48AA-BEA4-87D1897DF67A} - System32\Tasks\{86B7F2E4-AF29-3BA1-8F8F-04FDBBC2B9E8} => C:\Users\Tobiasz\AppData\Local\oaaUcyaAyBgP.exe [1624-02-24] (Microsoft Corporation)
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [432]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [432]
AlternateDataStreams: C:\Users\Tobiasz:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT [40]
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2 [432]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [432]
AlternateDataStreams: C:\Users\Public\AppData:CSM [482]
AlternateDataStreams: C:\Users\Tobiasz\Dane aplikacji:NT [40]
AlternateDataStreams: C:\Users\Tobiasz\Dane aplikacji:NT2 [432]
AlternateDataStreams: C:\Users\Tobiasz\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\Tobiasz\AppData\Roaming:NT2 [432]
HKU\S-1-5-21-1607249154-548488856-3897799970-1001\Software\Classes\.exe: exefile => <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1607249154-548488856-3897799970-1001\...\MountPoints2: {30a3cbb3-0b4c-11e8-8367-309c23288a99} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1607249154-548488856-3897799970-1001\...\MountPoints2: {3c431460-ce99-11e7-8349-309c23288a99} - "E:\setup.exe"
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
GroupPolicy\User: Ograniczenia <==== UWAGA
S3 MBAMFarflt; system32\DRIVERS\farflt.sys [X]
S3 MBAMProtection; \SystemRoot\system32\DRIVERS\mbam.sys [X]
S0 MBAMSwissArmy; System32\Drivers\mbamswissarmy.sys [X]
S3 MBAMWebProtection; \SystemRoot\system32\DRIVERS\mwac.sys [X]
2018-04-03 23:12 - 2018-04-03 23:12 - 000000000 ____D C:\Users\Tobiasz\AppData\LocalLow\yQvJhxdeQJQrX
2018-04-03 23:07 - 2018-04-04 00:23 - 000005784 __RSH C:\ProgramData\ntuser.pol
2018-03-12 12:57 - 2018-03-12 12:57 - 000000410 __RSH C:\Users\Tobiasz\ntuser.pol
1624-02-24 06:22 - 1624-02-24 06:22 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\yzjHUbaKJo.exe
1624-02-24 06:22 - 1624-02-24 06:22 - 000174592 ____N (Microsoft Corporation) C:\Users\Tobiasz\AppData\Roaming\nbMevIOaoNyYa.exe
1624-02-24 06:22 - 1624-02-24 06:22 - 000059904 ____N (Microsoft Corporation) C:\Users\Tobiasz\AppData\Local\oaaUcyaAyBgP.exe
CMD: dir /a "C:\Users\Tobiasz\AppData\LocalLow"
FilesInDirectory: C:\Users\Tobiasz\AppData\Local\*.exe;*.dll;*.ini
FilesInDirectory: C:\Users\Tobiasz\AppData\Roaming\*.exe;*.dll;*.ini
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}