CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKU\S-1-5-21-1006236500-888379816-520501223-1000\...\Run: [Tok-Cirrhatus-2256] => C:\Users\Biauko\AppData\Local\br5535on.exe [45435 2021-04-10] () [Brak podpisu cyfrowego]
HKU\S-1-5-21-1006236500-888379816-520501223-1000\...\Run: [Tok-Cirrhatus] => [X]
Startup: C:\Users\Biauko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif [2021-04-10] () [Brak podpisu cyfrowego]
Tcpip\..\Interfaces\{2FA2B8E2-391C-4C65-BB3A-C99F153E0F35}: [DhcpNameServer] 192.168.2.1
2021-04-25 21:03 - 2021-04-25 21:03 - 000000247 _____ C:\Users\Biauko\AppData\Local\Bron.tok.A17.em.bin
2021-04-10 09:37 - 2012-10-24 17:11 - 000045435 ____N C:\Users\Biauko\AppData\Local\winlogon.exe
2021-04-10 09:37 - 2012-10-24 17:11 - 000045435 _____ C:\Users\Biauko\Documents\Documents.exe
2021-04-10 09:37 - 2012-10-24 17:11 - 000045435 _____ C:\Users\Biauko\AppData\Local\csrss.exe
2012-10-24 17:11 - 2021-04-10 09:37 - 000045435 _____ () C:\Users\Biauko\AppData\Local\br5535on.exe
2021-04-25 21:03 - 2021-04-25 21:03 - 000000247 _____ () C:\Users\Biauko\AppData\Local\Bron.tok.A17.em.bin
2012-10-24 17:11 - 2021-04-10 09:37 - 000045435 _____ () C:\Users\Biauko\AppData\Local\csrss.exe
2012-10-24 17:11 - 2021-04-10 09:37 - 000045435 _____ () C:\Users\Biauko\AppData\Local\inetinfo.exe
2021-04-14 14:41 - 2021-04-25 21:20 - 000002522 _____ () C:\Users\Biauko\AppData\Local\JunkAtx.bin
2021-03-17 12:39 - 2021-03-17 12:39 - 000000051 _____ () C:\Users\Biauko\AppData\Local\Kosong.Bron.Tok.txt
2012-10-24 17:11 - 2021-04-10 09:37 - 000045435 _____ () C:\Users\Biauko\AppData\Local\lsass.exe
2012-10-24 17:11 - 2021-04-10 09:37 - 000045435 _____ () C:\Users\Biauko\AppData\Local\services.exe
2012-10-24 17:11 - 2021-04-10 09:37 - 000045435 _____ () C:\Users\Biauko\AppData\Local\smss.exe
2012-10-24 17:11 - 2021-04-10 09:37 - 000045435 _____ () C:\Users\Biauko\AppData\Local\svchost.exe
2012-10-24 17:11 - 2021-04-10 09:37 - 000045435 ____N () C:\Users\Biauko\AppData\Local\winlogon.exe
HKU\S-1-5-21-1006236500-888379816-520501223-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=190
MSCONFIG\startupfolder: C:^Users^Biauko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Empty.pif => C:\Windows\pss\Empty.pif.Startup
MSCONFIG\startupreg: Tok-Cirrhatus-2256 => "C:\Users\Biauko\AppData\Local\br5535on.exe"
C:\Users\Biauko\AppData\Local\Bron.tok*
FilesInDirectory: C:\Users\User\AppData\Local\*.exe;*.dll;*.ini
FilesInDirectory: C:\Users\User\AppData\Roaming\*.exe;*.dll;*.ini
RemoveProxy:
Hosts: