CreateRestorePoint:
CloseProcesses:
EmptyTemp:
File: C:\Users\Robert\AppData\Roaming\taskmgr.js
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3202352023-882103627-2192076742-1001\...\Run: [taskmgr] => wscript.exe //B "C:\Users\Robert\AppData\Roaming\taskmgr.js"
HKU\S-1-5-21-3202352023-882103627-2192076742-1001\...\RunOnce: [Uninstall 22.002.0103.0004] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert\AppData\Local\Microsoft\OneDrive\22.002.0103.0004"
HKU\S-1-5-21-3202352023-882103627-2192076742-1001\...\MountPoints2: {8fab502d-9790-11eb-bab8-04ed33e8840a} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL D:\autorun.exe /auto
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.js [2020-09-28] () [Brak podpisu cyfrowego]
GroupPolicy: Ograniczenia ? <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
Tcpip\..\Interfaces\{4a12ca48-d1fe-4109-913f-2eb28f832283}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{e0b5de06-808d-40ef-a342-6878320e0abe}: [DhcpNameServer] 192.168.33.1
2021-03-01 19:32 - 2020-09-28 03:41 - 000976800 ___SH () C:\Users\Robert\AppData\Roaming\taskmgr.js
CustomCLSID: HKU\S-1-5-21-3202352023-882103627-2192076742-1001_Classes\CLSID\{E28AEE99-A76C-035B-F6AE-DC54C4EDE3D1}\InprocServer32 -> C:\Program Files (x86)\Common Files\System\ole32.dll => Brak pliku
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7824]
IE trusted site: HKU\S-1-5-21-3202352023-882103627-2192076742-1001\...\sharepoint.com -> hxxps://sp171wes-files.sharepoint.com
FirewallRules: [{2F656310-276B-43EC-B391-66E9E6713150}] => (Allow) K:\PROGRAMY\ON1\ON1 Portrait AI 2021\on1capture.exe => Brak pliku
FirewallRules: [{DA29BA8B-E967-4001-93D8-E94CE2FB9043}] => (Allow) K:\PROGRAMY\ON1\ON1 Portrait AI 2021\on1capture.exe => Brak pliku
Hosts:
RemoveProxy: