CreateRestorePoint:
CloseProcesses:
EmptyTemp:
File: 2022-01-17 19:35 - 2022-01-17 19:35 - 000003576 _____ C:\Windows\system32\Tasks\mjlooy.exe
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1789183414-2172948479-87873014-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (Brak pliku)
HKU\S-1-5-21-1789183414-2172948479-87873014-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Edge: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1789183414-2172948479-87873014-1001\SOFTWARE\Policies\Microsoft\Edge: Ograniczenia <==== UWAGA
Task: {1581E732-9CEC-481E-B1D1-5E7741B4A06F} - System32\Tasks\mjlooy.exe => C:\Users\pc\AppData\Local\Temp\b4af406cd1\mjlooy.exe (Brak pliku) <==== UWAGA
Task: {4826F8B5-5CA8-46C4-8F6D-187590636B2E} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1789183414-2172948479-87873014-500 => C:\Users\pc\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Brak pliku)
Task: {946613F9-2B0B-41FD-B7AD-0BDE0631D4E0} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1789183414-2172948479-87873014-1001 => C:\Users\pc\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (Brak pliku)
Tcpip\..\Interfaces\{89add567-6bc5-4343-98a3-edd858f3517d}: [DhcpNameServer] 192.168.1.1
FF Notifications: Mozilla\Firefox\Profiles\yzot4jua.default-release -> hxxps://mail-notification.info; hxxps://zarabotok-online.xyz; hxxps://supertopfreegames.com; hxxps://best-loan-info.com; hxxps://ccleaner-download.xyz; hxxps://pinghauz.xyz; hxxps://s-tracking.xyz; hxxps://mnthor.xyz
S3 Disc Soft Lite Bus Service; "C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe" [X]
2022-01-17 19:48 - 2022-01-17 20:45 - 000000266 __RSH C:\ProgramData\ntuser.pol
2022-01-17 19:37 - 2022-01-17 20:43 - 000000000 ____D C:\Users\pc\AppData\Roaming\ca82a716069a53
2022-01-17 19:35 - 2022-01-17 20:43 - 000000000 ____D C:\Users\pc\AppData\Roaming\Green
2022-01-17 19:35 - 2022-01-17 19:35 - 000003576 _____ C:\Windows\system32\Tasks\mjlooy.exe
2022-01-17 19:34 - 2022-01-17 20:43 - 000000000 ____D C:\Users\pc\AppData\LocalLow\fB9oV
2022-01-17 19:34 - 2022-01-17 19:36 - 000000000 ____D C:\ProgramData\3AXVQBL3NYEOKCB7WSKHUWU0H
2022-01-17 19:34 - 2022-01-17 19:34 - 002818640 _____ C:\Users\pc\AppData\Roaming\6753253.exe
2022-01-17 19:34 - 2022-01-17 19:34 - 002818640 _____ C:\Users\pc\AppData\Roaming\5939593.exe
2022-01-17 19:34 - 2022-01-17 19:34 - 000419015 _____ C:\Users\pc\AppData\LocalLow\gqTw5q7XGxD.zip
2022-01-17 19:34 - 2022-01-17 19:34 - 000000000 ____D C:\Users\pc\AppData\LocalLow\discord_files
2022-01-17 19:34 - 2022-01-17 19:34 - 000000000 ____D C:\Users\pc\AppData\Local\Yandex
2022-01-17 19:34 - 2022-01-17 19:34 - 000000000 ____D C:\ProgramData\P14J04FARBOIIE2UXEHED2K41
2022-01-17 19:34 - 2022-01-17 19:34 - 002818640 _____ () C:\Users\pc\AppData\Roaming\5939593.exe
2022-01-17 19:34 - 2022-01-17 19:34 - 002818640 _____ () C:\Users\pc\AppData\Roaming\6753253.exe
CustomCLSID: HKU\S-1-5-21-1789183414-2172948479-87873014-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\pc\AppData\Local\Microsoft\OneDrive\21.245.1128.0002\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1789183414-2172948479-87873014-1001_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32 -> C:\Users\pc\AppData\Local\Microsoft\OneDrive\21.245.1128.0002\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1789183414-2172948479-87873014-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\pc\AppData\Local\Microsoft\OneDrive\21.245.1128.0002\Microsoft.SharePoint.exe" => Brak pliku
CustomCLSID: HKU\S-1-5-21-1789183414-2172948479-87873014-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\pc\AppData\Local\Microsoft\OneDrive\21.245.1128.0002\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1789183414-2172948479-87873014-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\pc\AppData\Local\Microsoft\OneDrive\21.245.1128.0002\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1789183414-2172948479-87873014-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\pc\AppData\Local\Microsoft\OneDrive\21.245.1128.0002\Microsoft.SharePoint.exe" => Brak pliku
IE trusted site: HKU\S-1-5-21-1789183414-2172948479-87873014-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1789183414-2172948479-87873014-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [TCP Query User{76DDBA30-A009-4DCD-A191-4CFB0E9705D5}C:\users\pc\appdata\local\programs\opera gx\78.0.4093.153\opera.exe] => (Allow) C:\users\pc\appdata\local\programs\opera gx\78.0.4093.153\opera.exe => Brak pliku
FirewallRules: [UDP Query User{45371DD2-9914-4EA7-9688-30BA077CA126}C:\users\pc\appdata\local\programs\opera gx\78.0.4093.153\opera.exe] => (Allow) C:\users\pc\appdata\local\programs\opera gx\78.0.4093.153\opera.exe => Brak pliku
FirewallRules: [TCP Query User{B58B1759-F76B-4994-AEF7-3E0E3598BEEC}F:\gry\jowood\gothic ii\_work\tools\zspy\zspy.exe] => (Allow) F:\gry\jowood\gothic ii\_work\tools\zspy\zspy.exe => Brak pliku
FirewallRules: [UDP Query User{5AD612E7-3EC6-4C2A-9D99-247BC513D701}F:\gry\jowood\gothic ii\_work\tools\zspy\zspy.exe] => (Allow) F:\gry\jowood\gothic ii\_work\tools\zspy\zspy.exe => Brak pliku
FirewallRules: [TCP Query User{ABA14CBE-6FE5-45B2-B57B-A1AF1B4D5C3C}C:\users\pc\appdata\local\programs\opera gx\78.0.4093.186\opera.exe] => (Allow) C:\users\pc\appdata\local\programs\opera gx\78.0.4093.186\opera.exe => Brak pliku
FirewallRules: [UDP Query User{8A3B13C2-1BA5-4F24-982D-ADC69C4124F1}C:\users\pc\appdata\local\programs\opera gx\78.0.4093.186\opera.exe] => (Allow) C:\users\pc\appdata\local\programs\opera gx\78.0.4093.186\opera.exe => Brak pliku
FirewallRules: [TCP Query User{854AAF2B-3565-4232-A2F7-C447E7F7438D}C:\users\pc\appdata\local\programs\opera gx\78.0.4093.214\opera.exe] => (Block) C:\users\pc\appdata\local\programs\opera gx\78.0.4093.214\opera.exe => Brak pliku
FirewallRules: [UDP Query User{D165A9B4-DCB5-4C12-815F-DAD880E9E134}C:\users\pc\appdata\local\programs\opera gx\78.0.4093.214\opera.exe] => (Block) C:\users\pc\appdata\local\programs\opera gx\78.0.4093.214\opera.exe => Brak pliku
FirewallRules: [{D2BD1E6F-B314-4245-BB49-B8A19C6EDF96}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe => Brak pliku
FirewallRules: [{E6AF91B9-F6F1-47DA-A41E-73BCBDAE3785}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe => Brak pliku
FirewallRules: [{48195D6F-B028-4B04-818E-38D5970DF772}] => (Allow) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => Brak pliku
FirewallRules: [{438DABC5-A30D-4776-B3BB-638AD50DD695}] => (Allow) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => Brak pliku
FirewallRules: [{EB524667-3898-4EA7-91BA-5DC22AF8445B}] => (Block) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => Brak pliku
FirewallRules: [{1F2FACE5-0B03-4B32-8625-D7CA583781A9}] => (Block) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => Brak pliku
RemoveProxy:
Hosts: