CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
HKU\S-1-5-21-1255634179-2396725886-1912766959-1000\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-1255634179-2396725886-1912766959-1000\...\MountPoints2: {c8fff495-ce18-11e7-b1a0-001fd0366ed0} - J:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1255634179-2396725886-1912766959-1000\...\MountPoints2: {d18efea5-47bd-11e8-b11b-001fd0366ed0} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1255634179-2396725886-1912766959-1000\...\MountPoints2: {f82725cf-7077-11e7-9215-806e6f6e6963} - E:\FreakOut.exe
HKU\S-1-5-21-1255634179-2396725886-1912766959-1000\...\MountPoints2: {fecea902-a5ff-11e8-b772-001fd0366ed0} - E:\Startme.exe
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
GroupPolicy\User: Ograniczenia ? <==== UWAGA
Tcpip\..\Interfaces\{09C15CB7-8E91-4370-B7D8-F26BDE94D745}: [DhcpNameServer] 185.170.226.34 185.170.226.2
Tcpip\..\Interfaces\{95FD77AB-533C-4E94-82F4-B240824CFE4F}: [NameServer] 8.8.8.8
HKU\S-1-5-21-1255634179-2396725886-1912766959-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://pl.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180720__yaie
SearchScopes: HKU\S-1-5-21-1255634179-2396725886-1912766959-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://pl.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__180720__yaie&p={searchTerms}
CHR HomePage: Default -> inline.go.mail.ru
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S3 ACTION_SVC; C:\Program Files\Mirillis\Action!\action_svc.exe [16064 2014-10-25] (Mirillis -> )
S3 mracsvc; C:\Windows\System32\mracsvc.exe [7690000 2018-11-07] (Mail.Ru LLC -> LLC Mail.Ru)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [6955760 2018-11-07] (Mail.Ru LLC -> LLC Mail.Ru)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-02-27 12:42 - 2018-02-23 15:12 - 000000266 __RSH C:\Users\Kondi\ntuser.pol
2019-02-19 17:42 - 2018-04-12 16:59 - 000000266 __RSH C:\Users\Administrator\ntuser.pol
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => -> Brak pliku
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => -> Brak pliku
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => -> Brak pliku
Task: {237C996D-EFC9-4EC9-B99D-1DDAF325FF9B} - System32\Tasks\C826CBD6-27F5-9174-1EE4-5282FAC932B8 => C:\Windows\system32\regsvr32.exe /n /s /i:"/730f1a3cac819b68 /q" "C:\Users\Kondi\AppData\Local\B78503~1\{3FD0E~1." <==== UWAGA
Task: {25019C57-2F26-4459-9BC2-24C3CA36445D} - System32\Tasks\{009FEB12-6A01-47C3-B4B5-E1F40F182A95} => D:\Program Files\Gry.!\PES\pes2010 (2).exe
Task: {45ABAC8E-F58F-4F95-A815-B49E6E45C493} - System32\Tasks\{83B1FEA4-C2E3-4367-A521-937911EFD527} => D:\Program Files\Gry.!\Pro Evolution Soccer 2017\PES2017.exe (Konami Digital Entertainment Co., Ltd.) [Brak podpisu cyfrowego]
Task: {541CADA6-46B7-4C7C-8A5C-EBCE2D573552} - System32\Tasks\{5E828DF9-91C1-4E81-967A-E9187C6CFB96} => C:\Program Files\Drakensang Online\thinclient.exe
Task: {55D1E1F1-BDAE-4271-96DC-828D74F05ACF} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {6677C59C-A47A-4B70-9AEB-138DCA3BE93C} - System32\Tasks\{8A9FDECC-DFFF-48D5-8EAD-EFEFC52EA62D} => C:\Windows\system32\pcalua.exe -a K:\install.exe -d K:\
Task: {CD47DF14-EB27-4C9F-B793-9DE763C75AC4} - System32\Tasks\{0853FFC4-F037-4C14-913A-E651E2AAE204} => D:\Program Files\Gry.!\PES\pes2010 (2).exe
HKU\S-1-5-21-1255634179-2396725886-1912766959-1000\Software\Classes\regfile: regedit.exe "%1" <==== UWAGA
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1255634179-2396725886-1912766959-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1255634179-2396725886-1912766959-1000\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [TCP Query User{769F6891-98A5-4421-AB91-C90C96814641}C:\programdata\sony mobile\update engine\{42064ba6-9587-44c9-af64-683abee198c7}\sony mobile update engine.exe] => (Allow) C:\programdata\sony mobile\update engine\{42064ba6-9587-44c9-af64-683abee198c7}\sony mobile update engine.exe Brak pliku
FirewallRules: [UDP Query User{2A8C2553-6912-427D-8B7D-178BA169AE0C}C:\programdata\sony mobile\update engine\{42064ba6-9587-44c9-af64-683abee198c7}\sony mobile update engine.exe] => (Allow) C:\programdata\sony mobile\update engine\{42064ba6-9587-44c9-af64-683abee198c7}\sony mobile update engine.exe Brak pliku
FirewallRules: [TCP Query User{1125ED42-6DF6-4B72-8817-FC99070A405F}C:\users\kondi\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\kondi\appdata\local\gamecenter\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [UDP Query User{035378B2-9B2F-48BE-B6B9-31E54AC412A9}C:\users\kondi\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\kondi\appdata\local\gamecenter\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [TCP Query User{24996DA3-CC3F-4B35-AAA2-B3B70CB41D31}D:\mygames\warface my.com\bin32release\game.exe] => (Allow) D:\mygames\warface my.com\bin32release\game.exe (Mail.Ru, LLC -> Crytek GmbH)
FirewallRules: [UDP Query User{C7B18632-36CB-477D-A63E-07B7532C9099}D:\mygames\warface my.com\bin32release\game.exe] => (Allow) D:\mygames\warface my.com\bin32release\game.exe (Mail.Ru, LLC -> Crytek GmbH)
FirewallRules: [TCP Query User{276D5288-2E19-4A70-86A6-A37A44B4E9E0}C:\program files\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_191\bin\javaw.exe
FirewallRules: [UDP Query User{F336B9C7-1FEB-40A5-9529-4AE2A1672BFA}C:\program files\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_191\bin\javaw.exe
C:\Users\Administrator\Desktop\Prisoner of War.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manager.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable\Audio Repeater (KS).lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable\Audio Repeater (MME).lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable\Control panel.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable\Homepage.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable\License Agreement.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable\Readme.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable\Uninstall Virtual Audio Cable.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable\User manual.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shaq Fu A Legend Reborn Barack Fu\Shaq Fu A Legend Reborn Barack Fu.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shaq Fu A Legend Reborn Barack Fu\Uninstall Shaq Fu A Legend Reborn Barack Fu.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Odinstaluj Sandboxie.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery\RAR Password Recovery Help.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery\RAR Password Recovery.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery\Uninstall RAR Password Recovery.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag\Historia wersji.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag\Mp3tag.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag\Pomoc dla Mp3tag (w jęz. angielskim).lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3\Mp3Doctor.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3\Mp3DoctorPRO.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\League of Legends.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\Uninstall League of Legends.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 12.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters\POW\Prisoner of War.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters\POW\Readme.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters\POW\Codemasters Videos\IGI2.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters\POW\Codemasters Videos\Operation Flashpoint.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam\Bandicam (Non Admin).lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam\Bandicam.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam\BandiFix.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam\Uninstall.lnk
C:\Users\Kondi\Desktop\DFX — skrót.lnk
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z\TechPowerUp GPU-Z.lnk
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z\Uninstall.lnk
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server\ReadMe.lnk
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server\RivaTuner Statistics Server.lnk
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server\Uninstall.lnk
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server\SDK\RivaTuner Statistics Server localization reference.lnk
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server\SDK\RivaTuner Statistics Server skin format reference.lnk
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server\SDK\Samples.lnk
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf\TeamSpeak.lnk
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 12.lnk
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL v2 Instruction Manual.lnk
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL v2 Off-Line Settings.lnk
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL Web Site.lnk
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\Uninstall.lnk
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\SendTo\Android (ALLPlayer Pilot).lnk
C:\Users\Kondi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Xanthia AutoPatcher Created by Sherer.lnk
C:\Users\Kondi\AppData\Local\Microsoft\Windows\GameExplorer\{C18BCB08-E95A-4554-AF99-F178D92FA5E9}\PlayTasks\0\Zagraj.lnk
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
C:\Users\Kondi\Desktop\Warface.url
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games\Warface My.Com\Uninstall Warface My.Com.url
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games\Warface My.Com\Warface My.Com.url
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games\Warface My.Com\Warface.url
C:\Users\Kondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games\Warface My.Com\Удалить Warface.url
RemoveProxy: