CreateRestorePoint:
CloseProcesses:

EmptyTemp:
File: C:\WINDOWS\system32\LSMD.exe
File: C:\Users\Dorota\AppData\Roaming\dbcfjie.exe
File: C:\WINDOWS\system32\dwm.exe
HKLM-x32\...\Run: [haleng] => C:\Users\Dorota\AppData\Local\Temp\haleng.e <==== UWAGA
Task: {0B34E821-4859-42C7-B340-721047D7B52F} - System32\Tasks\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E} => C:\Users\Dorota\AppData\Roaming\dbcfjie.exe <==== UWAGA
Task: {70674F09-FF37-4E72-B549-DC5042EEB161} - System32\Tasks\178BFBFF00660F51 => C:\Users\Dorota\AppData\Local\Temp\873F57220CEF220510C1E2E55E1365BEA08CD8F249820F07C5FF7ADB12BEE25129EEC0FF3B9047699F71758CE702BBFC2643619A547FBD89385A1C54D3F720BA\sihost.exe <==== UWAGA
Tcpip\..\Interfaces\{380ae885-8c18-4d85-8701-7b8c8711ba40}: [DhcpNameServer] 192.168.1.1
2020-12-13 16:29 - 2020-12-13 16:37 - 000000000 ____D C:\ProgramData\I6T6qBZuXkRTlSZ591
2020-12-13 16:28 - 2020-12-13 16:28 - 000000014 _____ C:\ProgramData\kaosdma.txt
2020-12-13 16:28 - 2020-12-13 16:28 - 000000000 ____D C:\Users\Dorota\AppData\Roaming\Doleoni
2020-12-13 16:28 - 2020-12-13 16:28 - 000000000 ____D C:\Users\Dorota\AppData\LocalLow\nb98wqnehe8bw89hb
2020-12-13 16:28 - 2020-12-13 16:28 - 000000000 ____D C:\ProgramData\Riate
2020-12-13 16:27 - 2020-12-13 16:58 - 000000000 ____D C:\WINDOWS\SysWOW64\tquvbhsn
2020-12-13 16:27 - 2020-12-13 16:58 - 000000000 ____D C:\Users\Dorota\AppData\Roaming\Smart Clock
2020-12-13 16:27 - 2020-12-13 16:58 - 000000000 ____D C:\Users\Dorota\AppData\Local\9443cc81-236c-4feb-a93d-f817e3ebe2ba
2020-12-13 16:27 - 2020-12-13 16:58 - 000000000 ____D C:\Program Files (x86)\golefd
2020-12-13 16:27 - 2020-12-13 16:39 - 000003764 _____ C:\WINDOWS\system32\Tasks\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E}
2020-12-13 16:27 - 2020-12-13 16:36 - 000000000 ____D C:\ProgramData\C7YAA8R3BANCNN2GHJD4ZVA13
2020-12-13 16:27 - 2020-12-13 16:27 - 000186896 _____ () C:\Users\Dorota\AppData\Roaming\7207061.79
2020-12-13 16:27 - 2020-12-13 16:27 - 000004124 _____ C:\WINDOWS\system32\Tasks\178BFBFF00660F51
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> Brak pliku
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> Brak pliku
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> Brak pliku
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> Brak pliku
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> Brak pliku
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> Brak pliku
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> Brak pliku
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> Brak pliku
FirewallRules: [{3029403F-3C58-4C25-8BE1-A8E45C627D44}] => (Allow) LPort=5357
FilesInDirectory: C:\Users\Dorota\AppData\Local\*.exe;*.dll;*.ini;*.txt
FilesInDirectory: C:\Users\Dorota\AppData\Roaming\*.exe;*.dll;*.ini;*.txt

CMD: dir /a "C:\ProgramData"
RemoveProxy:
Hosts: