CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Run: [electron.app.dllservices] => C:\Users\gruca\AppData\Roaming\.dllbackups\dllruntime.exe [63924677 2021-11-29] (Microsoft Corporation) [File not signed] [File is in use]
HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Run: [net.mullvad.vpn] => C:\Program Files\Mullvad VPN\Mullvad VPN.exe (No File)
HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\MountPoints2: {a93df173-24ea-11eb-b8cc-001fc65fdfcd} - "I:\setup.EXE" /AUTORUN
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {23D702CE-0AD2-4386-AD75-0C9211763E52} - System32\Tasks\Opera scheduled Autoupdate 1605188338 => C:\Users\gruca\AppData\Local\Programs\Opera\launcher.exe [2256592 2021-12-21] (Opera Software AS -> Opera Software)
Task: {EE06C872-ACBC-4837-A3A7-9227FC67FC33} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Moo0\AudioRecorder 1.46\VoiceRecorder.exe (No File)
Tcpip\..\Interfaces\{3016a114-084d-482b-a2e8-b01007ad0086}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3e805e67-e0c4-44fa-99ca-c10d7980f1d9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{449a4402-7be0-4802-a416-af8c9206b14a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{701885b7-b46c-4de5-afab-52d8960e6425}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f440536d-681b-46f0-94c2-53f6ccdb9a34}: [DhcpNameServer] 192.168.1.1
2021-12-20 14:01 - 2021-12-20 14:01 - 000000690 __RSH C:\ProgramData\ntuser.pol
2022-01-12 07:11 - 2021-07-26 06:36 - 000000000 ____D C:\Users\gruca\AppData\Roaming\dllservices
C:\Users\gruca\AppData\Roaming\dll-propagation
C:\Users\gruca\AppData\Roaming\.dllbackups
C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE
FirewallRules: [TCP Query User{BCC19036-B9B3-4ED3-B5C3-0D737457FA30}C:\users\gruca\appdata\roaming\.dllbackups\data\modules\dll-host\downloads\phoenix-gpu\phoenixminer.exe] => (Block) C:\users\gruca\appdata\roaming\.dllbackups\data\modules\dll-host\downloads\phoenix-gpu\phoenixminer.exe => No File
FirewallRules: [UDP Query User{3921EB57-E497-4568-95CC-C8315DD75B2A}C:\users\gruca\appdata\roaming\.dllbackups\data\modules\dll-host\downloads\phoenix-gpu\phoenixminer.exe] => (Block) C:\users\gruca\appdata\roaming\.dllbackups\data\modules\dll-host\downloads\phoenix-gpu\phoenixminer.exe => No File
RemoveProxy: