start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKLM\Software\...\Authentication\Credential Providers: [{b84ca702-35a8-4e67-8d2a-6c2807b297d3}] ->
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {82258C8E-FEEE-40BB-95AB-7737076D109C} - System32\Tasks\Trojan Remover => C:\Program Files\Loaris Trojan Remover\ltr.exe
2021-01-16 20:34 - 2021-01-16 20:34 - 000003202 _____ C:\WINDOWS\system32\Tasks\Trojan Remover
2021-01-16 19:42 - 2021-01-16 20:40 - 000000000 ____D C:\Program Files\Loaris Trojan Remover
2021-01-16 19:42 - 2021-01-16 19:42 - 000000000 ____D C:\ProgramData\Loaris
2021-01-16 19:37 - 2021-01-16 19:37 - 001171376 _____ (Loaris LLC) C:\Users\malen_000\Desktop\setup-ltr-ra.exe
2020-12-27 14:39 - 2020-12-09 21:08 - 000000000 ____D C:\Program Files\net.downloadhelper.coapp
HKU\S-1-5-21-930400344-1600436398-98965620-1001\...\StartupApproved\Run: => "GUDelayStartup"
SearchScopes: HKU\S-1-5-21-930400344-1600436398-98965620-1001 -> {78345670-836F-453C-B211-8CF5552F6ED1} URL =
HKLM\...\StartupApproved\Run32: => "HDD Regenerator"
EmptyTemp:
cmd: ipconfig /flushdns
cmd: netsh winsock reset 
cmd: sfc /scannow
end::