CloseProcesses:
CreateRestorePoint:
EmptyTemp:
CustomCLSID: HKU\S-1-5-21-2294837319-2086128959-3606546629-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\szyme\AppData\Local\Microsoft\OneDrive\17.005.0107.0008\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-2294837319-2086128959-3606546629-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\szyme\AppData\Local\Microsoft\OneDrive\17.005.0107.0008\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-2294837319-2086128959-3606546629-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\szyme\AppData\Local\Microsoft\OneDrive\17.005.0107.0008\amd64\FileSyncShell64.dll => Brak pliku
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
HKLM\...\Run: [SERVICE] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-2294837319-2086128959-3606546629-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
GroupPolicy: Ograniczenia - Windows Defender <==== UWAGA
Tcpip\..\Interfaces\{3fee78db-9095-4393-bf0d-77c87ed400a3}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{3fee78db-9095-4393-bf0d-77c87ed400a3}: [DhcpNameServer] 217.113.224.36 217.113.224.134
Tcpip\..\Interfaces\{9f3e2be2-b180-4782-967d-2cbbdd57bcbf}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f7bf1b3a-1ece-11e8-a97d-806e6f6e6963}: [NameServer] 8.8.8.8
SearchScopes: HKU\S-1-5-21-2294837319-2086128959-3606546629-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
"pylsoxbh" => serwis nie został odblokowany. <==== UWAGA
R5 pylsoxbh; <==== UWAGA: Zablokowana usługa
VirusTotal: C:\Windows\system32\Drivers\njjywdfq.sys
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
CMD: ipconfig /flushdns