CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
HKU\S-1-5-21-2381162110-3476840518-595737578-1002\...\MountPoints2: {2e1fab2e-43eb-11e8-994e-40a3cc64074d} - "F:\DTVP_Launcher.exe"
HKU\S-1-5-21-2381162110-3476840518-595737578-1002\...\MountPoints2: {ea3ee431-da8e-11e8-9977-40a3cc64074d} - "G:\SETUP.EXE"
Startup: C:\Users\Andrzej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fauugigw.lnk [2018-10-28]
ShortcutTarget: fauugigw.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
GroupPolicy: Ograniczenia - Windows Defender <==== UWAGA
Tcpip\..\Interfaces\{4315347b-3e0d-46fe-9465-62737fa5010c}: [NameServer] 82.163.143.146,82.163.142.148
Tcpip\..\Interfaces\{4315347b-3e0d-46fe-9465-62737fa5010c}: [DhcpNameServer] 192.168.0.1
SearchScopes: HKLM -> {1B992C42-ED98-43EA-BCC1-036460B2438C} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYvFFNLxdjmAk1sE4noq5xzD924BxrF04YerTkDXfl4xfd7sDWcO6SeLuW8Bid1JggQaM240lteY3kCs83bh2JUn6nOM_PRO7estKpfcn8gwpYPCe9vwOXmmFyG4g4bPue2mO3HHaY2EOJnTtinHY96yaZwbA,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {1B992C42-ED98-43EA-BCC1-036460B2438C} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2381162110-3476840518-595737578-1002 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2381162110-3476840518-595737578-1002 -> {1B992C42-ED98-43EA-BCC1-036460B2438C} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2381162110-3476840518-595737578-1002 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2381162110-3476840518-595737578-1002 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYvFFNLxdjmAk1sE4noq5xzD924BxrF04YerTkDXfl4xfd7sDWcO6SeLuW8Bid1JggQaM240lteY3kCs83bh2JUn6nOM_PRO7estKpfcn8gwpYPCe9vwOXmmFyG4g4bPue2mO3HHaY2EOJnTtinHY96yaZwbA,,&q={searchTerms}
FF Extension: (Brak nazwy) - C:\Program Files\Mozilla Firefox\browser\features\{32082DD9-C536-43AA-AF48-D266049C6FDA}.xpi [2018-10-28] [Brak podpisu cyfrowego]
R2 EventSvc; C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe [360448 2018-07-24] (CloudBees, Inc.) [Brak podpisu cyfrowego] <==== UWAGA
R2 PowerSvc; C:\ProgramData\Microsoft\Windows\Power\PowerSvc.exe [6406448 2018-06-25] () [Brak podpisu cyfrowego] <==== UWAGA
S2 SysSvc; C:\Users\Andrzej\AppData\Local\NtvHost\syssvc.exe [360448 2018-07-24] (CloudBees, Inc.) [Brak podpisu cyfrowego]
S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X]
2018-10-28 10:44 - 2018-10-28 11:31 - 000000000 ____D C:\Program Files (x86)\gHUgOvOJlIE
2018-10-28 10:44 - 2018-10-28 10:48 - 000000000 ____D C:\ProgramData\ZJlwACxPIpGmpNVB
2018-10-28 10:44 - 2018-10-28 10:48 - 000000000 ____D C:\Program Files (x86)\YFseyhTTSweoDxcixvR
2018-10-28 10:44 - 2018-10-28 10:48 - 000000000 ____D C:\Program Files (x86)\VXIXCZnnU
2018-10-28 10:44 - 2018-10-28 10:48 - 000000000 ____D C:\Program Files (x86)\VBeLgSlZrsYKC
2018-10-28 10:44 - 2018-10-28 10:48 - 000000000 ____D C:\Program Files (x86)\JEkILdsaHvdU2
2018-10-28 10:43 - 2018-10-28 11:31 - 000000000 ____D C:\Program Files\X0D7WILBYZ
2018-10-28 10:43 - 2018-10-28 11:31 - 000000000 ____D C:\Program Files\6W03ZDJXS4
2018-10-28 10:43 - 2018-10-28 10:48 - 000000000 ____D C:\Users\Andrzej\AppData\Roaming\WMPNetworkAcSvc
2018-10-28 10:43 - 2018-10-28 10:48 - 000000000 ____D C:\Users\Andrzej\AppData\Roaming\jryybqrgcvd
2018-10-28 10:43 - 2018-10-28 10:48 - 000000000 ____D C:\Users\Andrzej\AppData\Roaming\etr5dyuia0n
2018-10-28 10:43 - 2018-10-28 10:43 - 000000266 __RSH C:\Users\Andrzej\ntuser.pol
2018-10-28 10:41 - 2018-10-28 10:44 - 000000266 __RSH C:\ProgramData\ntuser.pol
2018-10-28 10:40 - 2018-10-28 11:31 - 000000000 ____D C:\Program Files\72DCLB70UZ
2018-10-28 10:40 - 2018-10-28 11:31 - 000000000 ____D C:\Program Files\1U1HP4DKQC
2018-10-28 10:40 - 2018-10-28 10:48 - 000000000 ____D C:\Users\Andrzej\AppData\Roaming\pxvejaox20s
2018-10-28 10:40 - 2018-10-28 10:48 - 000000000 ____D C:\Users\Andrzej\AppData\Roaming\0iibjiczty0
2018-10-28 10:40 - 2018-10-28 10:48 - 000000000 ____D C:\Program Files (x86)\Knif
2018-10-28 10:40 - 2018-10-28 10:42 - 000000000 ____D C:\Users\Andrzej\AppData\Local\NtvHost
2018-10-28 10:39 - 2018-10-28 10:48 - 000000000 ____D C:\Users\Andrzej\AppData\Local\Micro
2018-10-28 10:39 - 2018-10-28 10:48 - 000000000 ____D C:\ProgramData\Logic Cramble
2018-10-28 10:39 - 2018-10-28 10:42 - 000000414 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2018-10-28 10:39 - 2018-10-28 10:40 - 000722944 _____ C:\Users\Andrzej\AppData\Local\sham.db
2018-10-28 10:39 - 2018-10-28 10:39 - 007800320 _____ C:\Users\Andrzej\AppData\Local\agent.dat
2018-10-28 10:39 - 2018-10-28 10:39 - 002020713 _____ C:\Users\Andrzej\AppData\Local\Zer-Light.tst
2018-10-28 10:39 - 2018-10-28 10:39 - 000140800 _____ C:\Users\Andrzej\AppData\Local\installer.dat
2018-10-28 10:39 - 2018-10-28 10:39 - 000126464 _____ C:\Users\Andrzej\AppData\Local\noah.dat
2018-10-28 10:39 - 2018-10-28 10:39 - 000070896 _____ C:\Users\Andrzej\AppData\Local\Config.xml
2018-10-28 10:39 - 2018-10-28 10:39 - 000018432 _____ C:\Users\Andrzej\AppData\Local\Main.dat
2018-10-28 10:39 - 2018-10-28 10:39 - 000016416 _____ C:\Users\Andrzej\AppData\Local\InstallationConfiguration.xml
2018-10-28 10:39 - 2018-10-28 10:39 - 000015606 _____ C:\WINDOWS\SysWOW64\findit.xml
2018-10-28 10:39 - 2018-10-28 10:39 - 000005568 _____ C:\Users\Andrzej\AppData\Local\md.xml
2018-10-28 10:39 - 2018-10-28 10:39 - 000003308 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2018-10-28 10:39 - 2018-10-28 10:39 - 000000000 ____D C:\Users\Andrzej\AppData\Roaming\Microleaves
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
Task: {B636EBAC-8B49-490C-B7DE-2DE47FA18BD8} - System32\Tasks\PPI Update => C:\WINDOWS\explorer.exe "hxxp://windowsdefender.club/warning/download.php?mn=5623" <==== UWAGA
Task: {DDC613ED-5A2A-4422-BC5A-36AEE588ACD3} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== UWAGA
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
2018-10-28 10:43 - 2018-06-25 10:43 - 006406448 _____ () C:\ProgramData\Microsoft\Windows\Power\PowerSvc.exe
2018-10-28 10:40 - 2018-09-07 09:14 - 004364800 _____ () C:\ProgramData\Microsoft\Windows\EventSvc\work0.exe
C:\Users\Andrzej\Desktop\moje dox\DHL System Information.lnk
C:\Users\Andrzej\Desktop\moje dox\Środowisko\Środowisko.lnk
C:\Users\Andrzej\Favorites\Links\Amazon.co.uk – Online Shopping.url
C:\Users\Andrzej\Favorites\Links\Booking.com.url
C:\Users\Andrzej\Favorites\HP\Amazon.co.uk – Online Shopping.url
C:\Users\Andrzej\Favorites\HP\Booking.com.url
C:\Users\Default\Favorites\Links\Amazon.co.uk – Online Shopping.url
C:\Users\Default\Favorites\Links\Booking.com.url
C:\Users\Default\Favorites\HP\Amazon.co.uk – Online Shopping.url
C:\Users\Default\Favorites\HP\Booking.com.url
RemoveProxy:
CMD: ipconfig /flushdns