CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-695630494-1373991946-2647937942-1001\...\Run: [GalaxyClient] => [X]
GroupPolicy: Ograniczenia <==== UWAGA
GroupPolicy\User: Ograniczenia <==== UWAGA
Tcpip\..\Interfaces\{0c8f2784-5211-4d0d-9e2e-0fe8e30e2a06}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{0c8f2784-5211-4d0d-9e2e-0fe8e30e2a06}: [DhcpNameServer] 192.168.1.1 192.168.1.1
HKU\S-1-5-21-695630494-1373991946-2647937942-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKU\S-1-5-21-695630494-1373991946-2647937942-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B88230A45-893B-445C-BB84-4D634C1D69E7%7D&gp=811142
SearchScopes: HKU\S-1-5-21-695630494-1373991946-2647937942-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B88230A45-893B-445C-BB84-4D634C1D69E7%7D&gp=811142
Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA -  Brak pliku
CHR HomePage: Default -> hxxp://search.conduit.com/?SearchSource=10&ctid=CT2417076
CHR StartupUrls: Default -> "hxxps://www.google.pl/?gws_rd=ssl","hxxps://encrypted.google.com"
CHR DefaultSearchKeyword: Default -> trampoline
CHR HKU\S-1-5-21-695630494-1373991946-2647937942-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
2018-02-08 02:42 - 2018-02-08 18:56 - 000000000 ____D C:\AdwCleaner
Task: {5462D24D-6967-41DB-9EB5-A0910FB3190F} - \kotcatkcomksz -> Brak pliku <==== UWAGA
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [432]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [432]
AlternateDataStreams: C:\Users\gruby:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT [40]
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2 [432]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [432]
AlternateDataStreams: C:\Users\gruby\Dane aplikacji:NT [40]
AlternateDataStreams: C:\Users\gruby\Dane aplikacji:NT2 [432]
AlternateDataStreams: C:\Users\gruby\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\gruby\AppData\Roaming:NT2 [432]
AlternateDataStreams: C:\Users\Public\AppData:CSM [474]
EmptyTemp:
CMD: ipconfig /flushdns
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}