CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKU\S-1-5-21-2685244527-3039800623-3960885140-1001\...\MountPoints2: {0b14a013-549c-11e9-a380-e0d55e40a475} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2685244527-3039800623-3960885140-1001\...\MountPoints2: {80fab786-517f-11e9-a37d-e0d55e40a475} - "E:\OnePlus_setup.exe" /s
Task: {8161275E-67A5-40C0-9D6E-9A5A89E5216F} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
Task: {ABFE607E-4FFD-4F76-82BE-5E5D82047435} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Tcpip\..\Interfaces\{0810c8b8-0fb9-45d0-b4b8-da36ce7dbc44}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{2d051418-e4bf-4cd3-b542-54804b10ba51}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4904d821-7af7-436f-96fe-362c430a73f9}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{d9bcd810-1946-4858-ba2c-5076b7919088}: [DhcpNameServer] 192.168.42.129
HKU\S-1-5-21-2685244527-3039800623-3960885140-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.interia.pl/#utm_source=instalki3&utm_medium=installer&utm_campaign=instalki3&iwa_source=installer_instalki3
CHR HomePage: Default -> hxxp://www.gazeta.pl/0,0.html?p=190
CHR StartupUrls: Default -> "hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://www.gazeta.pl/0,0.html?p=190"
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2017-12-27] () [File not signed]
S3 Dugeiqshou; \??\C:\WINDOWS\system32\Dugeiqshou.sys [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
AlternateDataStreams: C:\Users\DARKKKKIS\AppData\Local\Temp:$DATA​ [16]
AlternateDataStreams: C:\Users\Public\AppData:CSM [478]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [462]
FirewallRules: [{960E892C-5C2E-4491-B9CD-34E99185FC9E}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
FirewallRules: [{3F8C4CDE-9CAC-4D7A-8299-74928B641DB7}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
FirewallRules: [{34157C9B-B607-414E-9D61-5A6042B2295A}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe No File
FirewallRules: [{9F71D3D0-663C-432E-9FA7-90A87C84C336}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe No File
FirewallRules: [{81E2AF3D-6262-401B-9D72-A776D41E20D5}] => (Allow) LPort=8319
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks\Uninstall Lightworks.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios\Hi-Rez Diagnostics and Support.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios\Uninstall All Hi-Rez Games.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\Star Wars - The Old Republic.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\SWTOR Customer Support.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA\BioWare\Star Wars - The Old Republic\View Readme.lnk
C:\Users\DARKKKKIS\Desktop\WSZYSTKO ALL ALL ALL\27067008_2517945808344326_651484183606232678_n — skrót.lnk
C:\Users\DARKKKKIS\Desktop\WSZYSTKO ALL ALL ALL\Bezpieczne pieniądze.lnk
RemoveProxy: