CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM-x32\...\Run: [Sidebars] => C:\Users\Paweł\AppData\Roaming\winampes.exe
HKU\S-1-5-21-2240279575-829966702-3946219905-1001\...\MountPoints2: {11725e5c-f15f-11e7-9c0c-00c2c654900b} - "E:\LG_PC_Programs.exe"
HKU\S-1-5-21-2240279575-829966702-3946219905-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://page-ups.com/all/
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1431675387&z=d42be7e299687c5d329d85egez4ccg6q1mcw1c9tae&from=cvs&uid=SAMSUNGXHD103SJ_S246J90ZA30236
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1431675387&z=d42be7e299687c5d329d85egez4ccg6q1mcw1c9tae&from=cvs&uid=SAMSUNGXHD103SJ_S246J90ZA30236","hxxp://www.mystartsearch.com/?type=hppp&ts=1431675412&z=ec1b22d19958d058b048dd8gbz5c4gbqfmcw6z9geq&from=cvs&uid=SAMSUNGXHD103SJ_S246J90ZA30236"
CHR HKU\S-1-5-21-2240279575-829966702-3946219905-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
VirusTotal: C:\Users\Paweł\Downloads\xjx9qmk2.exe
C:\Users\Paweł\AppData\Local\eIKvIQUXNa.exe
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
C:\Windows\SysWOW64\pgdaEac.exe
Task: {21245AEC-8D4D-4F85-8F4B-F534C55B2CA9} - System32\Tasks\{AE703D87-F808-4D83-90A1-D87116D548EE} => C:\Windows\SysWOW64\pgdaEac.exe [1623-04-04] (Microsoft Corporation)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Еpic Gamеs Launсher.lnk
AlternateDataStreams: C:\Users\Public\AppData:CSM [470]
HKU\S-1-5-21-2240279575-829966702-3946219905-1001\...\StartupApproved\StartupFolder: => "Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Еpic Gamеs Launсher.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tekken 7\Tekken 7.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2\PE Viewer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks\Uninstall Lightworks.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux (64 bits)\VS Proxy GUI 2.7.lnk
C:\Users\Paweł\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Tekken 7.lnk
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
CMD: ipconfig /flushdns
FilesInDirectory: C:\Users\Paweł\AppData\Local\*.exe;*.dll;*.ini
FilesInDirectory: C:\Users\Paweł\AppData\Roaming\*.exe;*.dll;*.ini