CloseProcesses:
CreateRestorePoint:
EmptyTemp:
VirusTotal: C:\WINDOWS\system32\Drivers\ewdnmowz.sys
VirusTotal: C:\WINDOWS\system32\Drivers\nmnqwshx.sys
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3206028699-1765535588-2373314373-1001\...\MountPoints2: {71658c0e-36a1-11e8-82d2-40f02f3835be} - "E:\HiSuiteDownLoader.exe"
ShellExecuteHooks: No Name - {BFD98515-CD74-48A4-98E2-13D209E3EE4F} - -> No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF HKU\S-1-5-21-3206028699-1765535588-2373314373-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Pawelos\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-3206028699-1765535588-2373314373-1001: @acestream.net/acestreamplugin,version=3.1.12.1 -> C:\Users\Pawelos\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION
CHR HKU\S-1-5-21-3206028699-1765535588-2373314373-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
"sntvhfhs" => service could not be unlocked. <==== ATTENTION
S1 bllehflb; \??\C:\WINDOWS\system32\drivers\bllehflb.sys [X]
S1 jkamaebg; \??\C:\WINDOWS\system32\drivers\jkamaebg.sys [X]
R5 sntvhfhs; <==== ATTENTION: Locked Service
2018-05-14 15:07 - 2018-05-14 15:19 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-05-14 12:48 - 2018-05-14 12:48 - 000276016 ____H C:\WINDOWS\system32\Drivers\nmnqwshx.sys
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Games.lnk
C:\Users\Pawelos\Desktop\SpyHunter.lnk
C:\Users\Pawelos\AppData\Roaming\Microsoft\Word\New%20Microsoft%20Word%20Document306640582772275863\New%20Microsoft%20Word%20Document.docx.lnk
C:\Users\Pawelos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter.lnk
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [{BFD98515-CD74-48A4-98E2-13D209E3EE4F}] -> {BFD98515-CD74-48A4-98E2-13D209E3EE4F} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers1: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
Task: {0C451FEF-B1B6-4E9C-BC84-D234E2F69936} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {11761573-9E8F-453F-A8C7-7F22E9697A6F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {203D501B-CD82-4B2C-A494-7287ECA293E0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3FE6A66B-403E-4AD0-B9B0-F3DAD028CD6A} - \WPD\SqmUpload_S-1-5-21-3206028699-1765535588-2373314373-1001 -> No File <==== ATTENTION
Task: {45089BE9-A102-4AA5-A46B-62698CEA7608} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {582FBFA0-6009-465C-A23E-856716C1CB7E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5FB26282-E93D-4895-ACA3-300D749B1C62} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {874E73AF-7775-4636-A788-DD5101CE2BCA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8F2A82E1-FCE7-46D4-B312-9589A2612781} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9A9B5DCB-16B9-40CD-87B0-8F5AC17FE715} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A4CD20C1-F74D-4A77-948A-CD72F1843CC8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {AF5E6999-1BAA-4035-B9AD-31D0EA85CA7D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B5F73182-7BE6-4C7B-917B-BD30B8828331} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F57E34A2-C9AD-4155-9F1C-A8ECA2329EFC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ewdnmowz.sys:changelist [260]
CMD: dir /a "C:\Users\Pawelos\AppData\Roaming"
CMD: dir /a "C:\Users\Pawelos\AppData\Local"
Hosts:
CMD: ipconfig /flushdns
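The fixlist above removes randomly named boot-start drivers, a service FRST could not unlock, a Software Restriction Policy rule that blocks mrt.exe, a hidden policy file in ProgramData and several Chrome extension entries. The following PowerShell script is an added post-fix check, not part of the original post and not part of FRST: it re-tests those same indicators after the fix and reboot so that nothing has to be taken on trust from the Fixlog alone. Driver, service and extension names are copied from the fixlist; the registry locations (the Safer\CodeIdentifiers\0\Paths tree for "Disallowed" SRP path rules, the WOW6432Node Chrome Extensions key for FRST's "HKLM-x32" entries) are where Windows stores these items and are assumptions about what the abbreviated FRST lines refer to. Run it from an elevated prompt.

```powershell
# Added post-fix verification for the FRST fixlist above (not from the original post,
# not part of FRST). Indicator names come from the fixlist; registry paths are assumptions
# about the locations FRST's abbreviated output refers to.
$SysDrv = Join-Path $env:SystemRoot 'System32\Drivers'

$Drivers   = 'ewdnmowz.sys','nmnqwshx.sys','bllehflb.sys','jkamaebg.sys' |
             ForEach-Object { Join-Path $SysDrv $_ }
$Services  = 'sntvhfhs','bllehflb','jkamaebg'
$ChromeIds = 'efaidnbmnnnibpcajpcglclefindmkaj','ofoeigeaodhbjogdigckajfhjbonaofg'

$Findings = New-Object 'System.Collections.Generic.List[string]'

# 1. Randomly named driver files, including any leftover alternate data stream
#    (the fixlist removed ewdnmowz.sys:changelist).
foreach ($path in $Drivers) {
    if (Test-Path -LiteralPath $path) {
        $Findings.Add("driver file still present: $path")
        Get-Item -LiteralPath $path -Stream * -ErrorAction SilentlyContinue |
            Where-Object Stream -ne ':$DATA' |
            ForEach-Object { $Findings.Add("  ADS still present: $($_.Stream) [$($_.Length) bytes]") }
    }
}

# 2. The locked service (R5 sntvhfhs) and the two S1 driver services. A service FRST
#    could not unlock may survive as a registry key even when SCM no longer lists it,
#    so both views are checked.
foreach ($svc in $Services) {
    if (Get-Service -Name $svc -ErrorAction SilentlyContinue) {
        $Findings.Add("service still registered with SCM: $svc")
    }
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (Test-Path -LiteralPath $key) {
        $img = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).ImagePath
        $Findings.Add("service key still present: $key (ImagePath=$img)")
    }
}

# 3. SRP rule blocking mrt.exe. Assumption: "Disallowed" (level 0) path rules live under
#    Safer\CodeIdentifiers\0\Paths\<GUID>, with the path in the ItemData value.
$srp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'
if (Test-Path -LiteralPath $srp) {
    Get-ChildItem -LiteralPath $srp | ForEach-Object {
        $data = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).ItemData
        if ($data -match 'mrt\.exe') { $Findings.Add("SRP block rule still present: $data") }
    }
}

# 4. Hidden/system policy file the fixlist deleted (flagged __RSH in the scan).
$pol = Join-Path $env:ProgramData 'ntuser.pol'
if (Test-Path -LiteralPath $pol) {
    $attr = (Get-Item -LiteralPath $pol -Force).Attributes
    $Findings.Add("ntuser.pol still present: $pol ($attr)")
}

# 5. Chrome extensions registered machine-wide. Assumption: FRST's "HKLM-x32" entries map
#    to the 32-bit view of HKLM\SOFTWARE\Google\Chrome\Extensions.
foreach ($id in $ChromeIds) {
    $key = "HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\$id"
    if (Test-Path -LiteralPath $key) { $Findings.Add("Chrome extension key still present: $key") }
}

if ($Findings.Count -eq 0) {
    'Clean: none of the fixlist items remain.'
} else {
    "Remaining items ($($Findings.Count)):"
    $Findings | ForEach-Object { "  $_" }
}
```

A surviving service key for sntvhfhs with an ImagePath pointing at a driver that no longer exists is the case worth watching for: it is harmless on its own, but it means the lock FRST reported was not fully cleared and a second fix run (or a boot into the Recovery Environment) is needed before the machine is called clean.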