CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-4167625086-3165384033-634236210-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8160856 2020-06-28] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-4167625086-3165384033-634236210-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4167625086-3165384033-634236210-1002\...\MountPoints2: {41f44b65-aedb-11ea-ac96-d05099405892} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-4167625086-3165384033-634236210-1002\...\MountPoints2: {6b009157-cb57-11ea-ace0-806e6f6e6963} - "D:\autorun.exe" 
HKU\S-1-5-21-4167625086-3165384033-634236210-1002\...\MountPoints2: {d231af91-bbf7-11ea-acb6-d05099405892} - "F:\setup.exe" 
GroupPolicy: Ograniczenia ? <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Task: {151C7802-CE13-4D34-A3DA-81BBE8F6AE0A} - System32\Tasks\SmartGameBooster SkipUAC (1) => C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.0.1\SgbMain.exe [5653560 2020-12-23] (Chengdu Zhagu Technology Co., Ltd. -> Smart Game Booster)
Task: {ACA3C76D-A2F2-4548-8997-FD58C0E3E42E} - System32\Tasks\Opera scheduled Autoupdate 1595543150 => C:\Users\2\AppData\Local\Programs\Opera\launcher.exe [1776664 2020-12-16] (Opera Software AS -> Opera Software)
Task: {F1E7742D-579A-4F45-A753-925FAB1FF387} - System32\Tasks\SmartGameBooster Update => C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.0.1\SgbUpdater.exe [2812472 2020-11-25] (Chengdu Zhagu Technology Co., Ltd. -> Smart Game Booster)
Tcpip\..\Interfaces\{871dd103-63e1-418e-90d2-d1952ec86ce6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{cf0088a2-9fe8-4978-87c8-6661102eab9c}: [DhcpNameServer] 192.168.43.1
FF Plugin HKU\S-1-5-21-4167625086-3165384033-634236210-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Brak pliku]
CHR Extension: (Social Blade) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2020-06-12] [UpdateUrl:hxxps://addon.socialblade.com/updates.json] <==== UWAGA
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29272 2020-06-28] (LAVASOFT SOFTWARE CANADA INC -> )
U4 AppMgmt; Brak ImagePath
U4 CscService; Brak ImagePath
S3 MpKslf4982a0e; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{225844DC-696E-4859-942A-456D37C26256}\MpKslDrv.sys [X]
U4 napagent; Brak ImagePath
U4 PeerDistSvc; Brak ImagePath
2021-01-05 10:34 - 2021-01-05 10:34 - 000000000 ____D C:\Users\1\AppData\LocalLow\nb98wqnehe8bw89hb
2021-01-05 10:33 - 2021-01-05 10:33 - 000001111 _____ C:\Users\1\_readme.txt
2021-01-05 10:32 - 2021-01-05 10:32 - 000000014 _____ C:\ProgramData\kaosdma.txt
2021-01-05 10:32 - 2021-01-05 10:32 - 000000000 ____D C:\Users\1\AppData\LocalLow\pF2qC1gG7yH8hI1o
2021-01-05 10:32 - 2021-01-05 10:32 - 000000000 ____D C:\Users\1\AppData\Local\Cesar
2021-01-05 10:31 - 2021-01-05 10:31 - 000000558 _____ C:\Users\1\AppData\Local\bowsakkdestx.txt
2021-01-05 10:31 - 2021-01-05 10:31 - 000000000 ____D C:\Users\Public\Thunder Network
2021-01-05 10:31 - 2021-01-05 10:31 - 000000000 ____D C:\ProgramData\XCWI0TKOQOTLXLE7I0Q40YTKS
2021-01-05 10:31 - 2021-01-05 10:31 - 000000000 ____D C:\ProgramData\Thunder Network
2021-01-05 10:31 - 2021-01-05 10:31 - 000000000 ____D C:\ProgramData\q5w1v6u1y6w1v6u1y6
2021-01-05 10:31 - 2021-01-05 10:31 - 000000000 ____D C:\ProgramData\GI2WVNW5VJ6WT1V6T3E56Y7PN
2021-01-05 10:09 - 2021-01-05 10:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Game Booster
2021-01-05 10:08 - 2021-01-05 10:08 - 058041520 _____ (Smart Game Booster ) C:\Users\1\Downloads\smart_game_booster_setup.exe
2020-12-30 16:58 - 2020-12-30 16:58 - 000000266 __RSH C:\ProgramData\ntuser.pol
CMD: type "C:\ProgramData\kaosdma.txt"
CMD: type "C:\Users\1\_readme.txt"
CloseProcesses:
CreateRestorePoint:
EmptyTemp:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
AlternateDataStreams: C:\Users\2\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\2\Desktop\1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\2\Desktop\2.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\2\Desktop\2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\2\Desktop\kwalifik.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\2\Desktop\kwalifik.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\2\Desktop\skan1.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\2\Desktop\skan1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\2\Desktop\skan2.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\2\Desktop\skan2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\2\Desktop\skan3.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\2\Desktop\skan3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\2\Desktop\swiadecrtwo 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\2\Desktop\swiadecrtwo 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\2\Desktop\swiadectwo 4.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\2\Desktop\swiadectwo 4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\2\Desktop\świadectwo 1.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\2\Desktop\świadectwo 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\2\Desktop\świadectwo 4.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\2\Desktop\świadectwo 4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
HKU\S-1-5-21-4167625086-3165384033-634236210-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171101&iDate=2020-06-28 11:20:17&bName=
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-4167625086-3165384033-634236210-1002\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-4167625086-3165384033-634236210-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4167625086-3165384033-634236210-1002\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{0B03100D-B3FF-4EA1-826B-9A4E6F152987}] => (Allow) LPort=5357
FirewallRules: [{4D437622-DEBE-40B1-96E7-0D24F41993B9}] => (Allow) C:\Users\1\AppData\Local\Temp\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{F20B3CD9-211E-4555-B3EC-F2D5660A3DA9}] => (Allow) C:\Users\1\AppData\Local\Temp\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)