SystemRestore: On
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
File: C:\Users\rafal\AppData\Local\ypsx_cloud_v2\rhc.exe
File: C:\Users\rafal\AppData\Local\ypsx_cloud_v2\wdcloud_v2.exe
Task: {0ADCFFAC-CD2A-42D1-9A12-21D4D2FFD6EE} - System32\Tasks\WDNA => rhc.exe -> php.exe index.php
Task: {AD1F90C4-8886-4868-97E8-20F5A9EBAB57} - System32\Tasks\WDNA_LG => Command(1): rhc.exe -> php.exe include.php <==== ATTENTION
Task: {AD1F90C4-8886-4868-97E8-20F5A9EBAB57} - System32\Tasks\WDNA_LG => Command(2): rhc.exe -> php.exe index.php <==== ATTENTION
Task: {419AE415-FEB6-4E09-9536-1E45E821212C} - System32\Tasks\YTPX Cloud LG => C:\Users\rafal\AppData\Local\ypsx_cloud_v2\rhc.exe [1536 2023-08-14] () [File not signed] -> wdcloud_v2.exe <==== ATTENTION
Task: {64AF9DDC-91DA-4745-B8B9-21D83DD94936} - System32\Tasks\YTPXCheck => rhc.exe -> php.exe keep_play.php
Task: {F4B695B7-72AA-44C0-AAF2-B3AFBF743588} - System32\Tasks\YTPXCheck LG => rhc.exe -> php.exe keep_play.php
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10292]
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.gazeta.pl/0,0.html?p=190
2023-08-14 14:51 - 2023-08-14 14:51 - 000003820 _____ C:\Windows\system32\Tasks\YTPXCheck
2023-08-14 14:51 - 2023-08-14 14:51 - 000003382 _____ C:\Windows\system32\Tasks\YTPX Cloud LG
2023-08-14 14:51 - 2023-08-14 14:51 - 000003364 _____ C:\Windows\system32\Tasks\YTPXCheck LG
2023-08-14 14:51 - 2023-08-14 14:51 - 000000000 ____D C:\Users\rafal\AppData\Local\ypsx_cloud_v2
2023-08-12 14:48 - 2023-08-15 18:13 - 000003796 _____ C:\Windows\system32\Tasks\WDNA
2023-08-12 14:48 - 2023-08-12 14:48 - 000003758 _____ C:\Windows\system32\Tasks\WDNA_LG
2023-08-12 14:48 - 2023-08-12 14:48 - 000000000 ____D C:\Users\rafal\AppData\Roaming\johnsadventures.com
2023-08-12 14:48 - 2023-08-12 14:48 - 000000000 ____D C:\Users\rafal\AppData\Local\johnsadventures.com
FirewallRules: [TCP Query User{FC5837F3-3A2D-4AA5-BFFE-A2453655A952}C:\users\rafal\appdata\local\discord\app-1.0.9010\discord.exe] => (Allow) C:\users\rafal\appdata\local\discord\app-1.0.9010\discord.exe => No File
FirewallRules: [UDP Query User{A0BEB211-34A8-45BC-8760-C398B88D773D}C:\users\rafal\appdata\local\discord\app-1.0.9010\discord.exe] => (Allow) C:\users\rafal\appdata\local\discord\app-1.0.9010\discord.exe => No File
FirewallRules: [TCP Query User{CDEF4D75-D8FB-4104-B346-C277478DAFEB}D:\diablo iv - beta\diablo iv.exe] => (Allow) D:\diablo iv - beta\diablo iv.exe => No File
FirewallRules: [UDP Query User{D19502E7-034F-433C-BEC5-EE21983E51BE}D:\diablo iv - beta\diablo iv.exe] => (Allow) D:\diablo iv - beta\diablo iv.exe => No File
FirewallRules: [{197F71DA-303B-44BA-AE15-ACCD7E670693}] => (Block) D:\diablo iv - beta\diablo iv.exe => No File
FirewallRules: [{1192CD11-1EF0-4A2A-9880-6D722304EBAB}] => (Block) D:\diablo iv - beta\diablo iv.exe => No File
FirewallRules: [TCP Query User{1558D4D5-EE42-4C35-B906-04618F7DD3C6}D:\pobrane pliki\frozenheim archetypes-goldberg\frozenheim.archetypes-goldberg\frozenheim\binaries\win64\frozenheim-win64-shipping.exe] => (Allow) D:\pobrane pliki\frozenheim archetypes-goldberg\frozenheim.archetypes-goldberg\frozenheim\binaries\win64\frozenheim-win64-shipping.exe => No File
FirewallRules: [UDP Query User{564F229B-7D29-4586-ADDB-FBB3E47456CD}D:\pobrane pliki\frozenheim archetypes-goldberg\frozenheim.archetypes-goldberg\frozenheim\binaries\win64\frozenheim-win64-shipping.exe] => (Allow) D:\pobrane pliki\frozenheim archetypes-goldberg\frozenheim.archetypes-goldberg\frozenheim\binaries\win64\frozenheim-win64-shipping.exe => No File
FirewallRules: [{A3E4B43B-DABA-47E9-8436-A110B444BD75}] => (Block) D:\pobrane pliki\frozenheim archetypes-goldberg\frozenheim.archetypes-goldberg\frozenheim\binaries\win64\frozenheim-win64-shipping.exe => No File
FirewallRules: [{086B864E-DEB8-4AB5-8CD3-9D9793C24D9E}] => (Block) D:\pobrane pliki\frozenheim archetypes-goldberg\frozenheim.archetypes-goldberg\frozenheim\binaries\win64\frozenheim-win64-shipping.exe => No File
FirewallRules: [TCP Query User{10FC3551-5069-4C80-9EF6-C9F5B9BEE432}D:\uncharted 4 legacy of thieves collection\u4.exe] => (Allow) D:\uncharted 4 legacy of thieves collection\u4.exe => No File
FirewallRules: [UDP Query User{4DBD4122-160E-4547-9A11-53E7A957C1F2}D:\uncharted 4 legacy of thieves collection\u4.exe] => (Allow) D:\uncharted 4 legacy of thieves collection\u4.exe => No File
FirewallRules: [{83765A1C-D2EB-4A0D-9973-E64823F925D8}] => (Block) D:\uncharted 4 legacy of thieves collection\u4.exe => No File
FirewallRules: [{52E796DC-BD50-4DDE-8D6B-7D587556F88F}] => (Block) D:\uncharted 4 legacy of thieves collection\u4.exe => No File
FirewallRules: [TCP Query User{89497D87-B253-46AA-AD40-F9E0AABAB2F2}D:\uncharted 4 legacy of thieves collection\tll.exe] => (Allow) D:\uncharted 4 legacy of thieves collection\tll.exe => No File
FirewallRules: [UDP Query User{CDA31E25-D102-4E09-8C79-BCEAC132643A}D:\uncharted 4 legacy of thieves collection\tll.exe] => (Allow) D:\uncharted 4 legacy of thieves collection\tll.exe => No File
FirewallRules: [{E44671D5-990B-4CA2-A8B7-D5ABDAD28A04}] => (Block) D:\uncharted 4 legacy of thieves collection\tll.exe => No File
FirewallRules: [{71F124AB-E2D6-402D-BDCA-79F4EB234114}] => (Block) D:\uncharted 4 legacy of thieves collection\tll.exe => No File
FirewallRules: [TCP Query User{F0485304-89C6-4B26-97E8-3C398A8D41B6}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe => No File
FirewallRules: [UDP Query User{9EEB7FE8-0DB3-4D34-8318-62E44055B3A8}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe => No File
FirewallRules: [{EC71C1A5-D4A6-4931-AAC2-EDE588207C8A}] => (Block) C:\riot games\riot client\riotclientservices.exe => No File
FirewallRules: [{59AFA6C3-9CC4-4500-A560-96581E57F9DB}] => (Block) C:\riot games\riot client\riotclientservices.exe => No File
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\Run: [ProductAuthenticationService] => C:\Users\rafal\AppData\Roaming\ProductAuthenticationService\pas.exe [1003024 2023-02-18] (DVJ LIMITED -> DVJ LIMITED) <==== ATTENTION
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (No File)
HKU\S-1-5-21-1705589361-728360065-3321163868-1001\...\MountPoints2: {aaeb104a-938f-11ed-aca6-806e6f6e6963} - "K:\LaunchU3.exe" -a
HKU\S-1-5-21-1705589361-728360065-3321163868-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\rafal_2pz6a8w\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1705589361-728360065-3321163868-1002\...\RunOnce: [Uninstall 21.220.1024.0005\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rafal_2pz6a8w\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64" [0 2023-01-25] () <==== ATTENTION [zero byte file/folder]
HKU\S-1-5-21-1705589361-728360065-3321163868-1002\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rafal_2pz6a8w\AppData\Local\Microsoft\OneDrive\21.220.1024.0005" [0 2023-01-25] () <==== ATTENTION [zero byte file/folder]
Task: {190BB177-41AC-400D-A81F-E1BE6908F024} - System32\Tasks\svcupdater => C:\Users\rafal\AppData\Roaming\Win32Sync\svcupdater.exe [1617454080 2023-02-18] (A˜uslogics) [File not signed] <==== ATTENTION
Tcpip\..\Interfaces\{d092d774-d3a5-4913-9cd6-1e89324e5aa5}: [DhcpNameServer] 192.168.1.1
S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X]
CMD: dir /a "C:\Users\rafal\AppData\Roaming"
CMD: dir /a "C:\Users\rafal\AppData\Local"
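The fixlist above removes three kinds of persistence: scheduled tasks whose actions launch an unsigned binary from the user profile (rhc.exe chaining into php.exe), Run/RunOnce values that point at missing or profile-resident files (pas.exe, the OneDrive leftovers), and alternate data streams on desktop.ini and a Public folder. The script below is an added hunting example for those same artefacts on a live host; it is not part of the original post and not part of FRST. The two ADS paths and the HKU SID pattern are taken from the fixlist; the "launched from under C:\Users\ is worth a look" heuristic and the helper names (Resolve-ActionPath, Get-SignatureState, Get-CommandExecutable) are my own assumptions.

```powershell
# Added example, not part of the original post or of FRST: hunt for the
# persistence artefacts the fixlist removes, on a live Windows host.
# Run from an elevated PowerShell so every user's tasks and hives are readable.
#
# Assumption (a heuristic, not an FRST rule): anything launched from under
# C:\Users\ deserves a look, and an unsigned or missing binary more so.
$profileRoot = [regex]::Escape("$env:SystemDrive\Users\")

function Resolve-ActionPath {
    param([string]$Execute, [string]$WorkingDirectory)
    # Task actions may be relative ("rhc.exe" in the fixlist); resolve them
    # against the task's working directory first, then against PATH.
    $raw = [Environment]::ExpandEnvironmentVariables($Execute.Trim('"'))
    if ([IO.Path]::IsPathRooted($raw)) { return $raw }
    if ($WorkingDirectory) {
        $wd = [Environment]::ExpandEnvironmentVariables($WorkingDirectory.Trim('"'))
        $candidate = Join-Path $wd $raw
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    $cmd = Get-Command $raw -CommandType Application -ErrorAction SilentlyContinue | Select-Object -First 1
    if ($cmd) { return $cmd.Source }
    return $raw   # unresolved: reported as Missing below
}

function Get-SignatureState {
    param([string]$Path)
    # Returns 'Missing', 'Valid', 'NotSigned', 'HashMismatch', ... so callers
    # can filter on anything that is not 'Valid'.
    if ([string]::IsNullOrWhiteSpace($Path) -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return 'Missing'
    }
    return (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
}

function Get-CommandExecutable {
    param([string]$CommandLine)
    # First token of an autorun command line, quoted or not.
    $exe = if ($CommandLine -match '^\s*"([^"]+)"') { $Matches[1] } else { ($CommandLine.Trim() -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

# 1. Scheduled tasks whose action runs from a user profile or is not validly signed.
Write-Host '== Scheduled tasks =='
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }        # COM-handler actions have no Execute
        $exe = Resolve-ActionPath $action.Execute $action.WorkingDirectory
        [pscustomobject]@{
            Task      = $task.TaskPath + $task.TaskName
            Execute   = $exe
            Arguments = $action.Arguments
            Signature = Get-SignatureState $exe
            InProfile = [bool]($exe -match "^$profileRoot")
        }
    }
} | Where-Object { $_.InProfile -or $_.Signature -ne 'Valid' } | Format-Table -AutoSize -Wrap

# 2. Run/RunOnce values in every loaded user hive (HKU\S-1-5-21-...), as FRST lists them.
Write-Host '== Run / RunOnce =='
$runKeys = 'Software\Microsoft\Windows\CurrentVersion\Run',
           'Software\Microsoft\Windows\CurrentVersion\RunOnce'
Get-ChildItem Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
    ForEach-Object {
        $sid = $_.PSChildName
        foreach ($sub in $runKeys) {
            $key = "Registry::HKEY_USERS\$sid\$sub"
            if (-not (Test-Path -LiteralPath $key)) { continue }
            foreach ($p in (Get-ItemProperty -LiteralPath $key).PSObject.Properties) {
                if ($p.Name -like 'PS*') { continue }   # provider metadata, not registry values
                $exe = Get-CommandExecutable ([string]$p.Value)
                [pscustomobject]@{
                    Hive      = $sid
                    Key       = $sub.Split('\')[-1]
                    Name      = $p.Name
                    Command   = [string]$p.Value
                    Signature = Get-SignatureState $exe
                    InProfile = [bool]($exe -match "^$profileRoot")
                }
            }
        }
    } | Where-Object { $_.InProfile -or $_.Signature -ne 'Valid' } | Format-Table -AutoSize -Wrap

# 3. Alternate data streams on the two paths the fixlist names (extend the list for your host).
Write-Host '== Alternate data streams =='
$adsTargets = "$env:ProgramData\Microsoft\Windows\Start Menu\desktop.ini",
              "$env:SystemDrive\Users\Public\Shared Files"
foreach ($target in $adsTargets) {
    if (-not (Test-Path -LiteralPath $target)) { continue }
    Get-Item -LiteralPath $target -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |    # the main stream is not interesting
        Select-Object FileName, Stream, Length
}
```

Two things to keep in mind when reading the output. The signature check alone would have passed pas.exe, which the fixlist shows carrying a valid DVJ LIMITED signature; it is the profile-location flag that surfaces it, so a valid Authenticode chain is not a clean bill of health. Conversely, legitimate per-user software (Discord, the Riot client in this log) lives under the profile too and will show up as expected noise; the point of the listing is to give you the same raw material FRST's ATTENTION markers summarise, not a verdict. The relative "rhc.exe" actions only resolve if the task sets a working directory; otherwise they are reported as Missing, which for hunting purposes is the right side to err on.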