CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1220836415-4008592948-1329472403-1000\...\Policies\Explorer: [NoDrives] 1
HKU\S-1-5-21-1220836415-4008592948-1329472403-1000\...\MountPoints2: {2c8d641a-b0a3-11e6-8412-fcaa143d8075} - F:\setup.exe
GroupPolicy: Ograniczenia <==== UWAGA
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{9FB671E6-B8EA-4EFA-B372-D1AB8605255F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D7D3BD2E-2D3E-4546-A828-BF6B4876A277}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{D7D3BD2E-2D3E-4546-A828-BF6B4876A277}: [DhcpNameServer] 192.168.1.1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1220836415-4008592948-1329472403-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
FF HKU\S-1-5-21-1220836415-4008592948-1329472403-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Grzes\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => nie znaleziono
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin HKU\S-1-5-21-1220836415-4008592948-1329472403-1000: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\Grzes\AppData\Roaming\ACEStream\player\npace_plugin.dll [Brak pliku]
FF Plugin HKU\S-1-5-21-1220836415-4008592948-1329472403-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Brak pliku]
CHR HKU\S-1-5-21-1220836415-4008592948-1329472403-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
U3 acn1zmhb; C:\Windows\System32\Drivers\acn1zmhb.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
S3 cpuz137; \??\C:\Users\Grzes\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X] <==== UWAGA
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
S2 WinRing0_1_2_0; \??\D:\Program Files (x86)\EVGA\Precision XOC\WinRing0\WinRing0x64.sys [X]
2018-02-08 22:20 - 2018-02-08 22:25 - 000000000 ____D C:\AdwCleaner
CustomCLSID: HKU\S-1-5-21-1220836415-4008592948-1329472403-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Grzes\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll => Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
ContextMenuHandlers6: [Fast Explorer] -> {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} => -> Brak pliku
Task: {4FD031BE-583C-4ACF-A557-E044E86C03A3} - System32\Tasks\{0B4D71F9-1975-E8F2-799D-DB26E77A996A} => C:\Windows\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\cc402c09\9e189550.dll" <==== UWAGA
Task: {5E2F92FF-8A70-404A-8331-B6B0B01D2864} - System32\Tasks\{F86755C2-8DB0-4867-BF1C-EE453A75DF83} => C:\Windows\system32\pcalua.exe -a D:\instalki\ActivationAcronisTIH.exe -d D:\instalki
Task: {7AAAC804-BE97-4AF0-BC73-093B6AEF4E93} - System32\Tasks\{087E0C47-0B78-7A0D-0511-0D050B091179} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsAJABXAGEAcgBuAGkAbgBnAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAkAHMAYwA7ACQAUAByAG8A (dane wartości zawierają 9512 znaków więcej). <==== UWAGA
Task: {7F29E2BE-831E-4B07-A783-7770A2785F99} - System32\Tasks\{E3DE4F87-18DA-40DD-9B74-96ACED1C6E8F} => C:\Windows\system32\pcalua.exe -a D:\instalki\XperiaCompanion.exe -d D:\instalki
Task: {BEE8943B-C54B-4498-AEB7-083ACE660D81} - System32\Tasks\{811360E6-B5E4-4275-A937-AD94D48A2749} => C:\Windows\system32\pcalua.exe -a "C:\Users\Grzes\Desktop\Acronis True Image Home 2014 17.0\Acronis True Image Home 2014 17.0 Build 6614 Premium [PL]\Activation TIH\Activation TIH.exe" -d "C:\Users\Grzes\Desktop\Acronis True Image Home 2014 17.0\Acronis True Image Home 2014 17.0 Build 6614 Premium [PL]\Activation TIH"
Task: {C9C3B8B1-F6CE-4B03-997D-3457987EB7F5} - System32\Tasks\524763A0-3EFE-6239-A0A5-92AC29FD36F5 => C:\Windows\SysWOW64\regsvr32.exe /n /s /i:"/367997e69871612f /q" "C:\Users\Grzes\AppData\Local\2A365B~1\{9E189~1."
HKU\S-1-5-21-1220836415-4008592948-1329472403-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0\Demos\vulkaninfo.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0\Demos\vulkaninfo32.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ophcrack\Uninstall.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ophcrack\Website.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero StartSmart.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Little Fighter 2\Little Fighter 2.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Little Fighter 2\Uninstall.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Little Fighter 2\Website.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\GDSMux.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Uninstall.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 Non-Steam\Counter-Strike 1.6 Non-Steam.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 Non-Steam\Uninstall.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 Non-Steam\Website.lnk
C:\Users\Gość\Desktop\Counter-Strike 1.6 Non Steam Patch.lnk
C:\Users\Gość\Desktop\Counter-Strike 1.6 Non-Steam.lnk
C:\Users\Gość\Desktop\pes2013_100 — skrót.lnk
C:\Users\Gość\Desktop\settings — skrót.lnk
C:\Users\Gość\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
C:\Users\Gość\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
C:\Users\Gość\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
C:\Users\Gość\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
C:\Users\Grzes\Desktop\Ace Player.lnk
C:\Users\Grzes\AppData\Roaming\VOS\HD Tune Pro\%Desktop%\HD Tune Pro.lnk
C:\Users\Grzes\AppData\Roaming\VOS\HD Tune Pro\%Common Programs%\HD Tune Pro\HD Tune Pro Manual.lnk
C:\Users\Grzes\AppData\Roaming\VOS\HD Tune Pro\%Common Programs%\HD Tune Pro\HD Tune Pro on the Web.lnk
C:\Users\Grzes\AppData\Roaming\VOS\HD Tune Pro\%Common Programs%\HD Tune Pro\HD Tune Pro.lnk
C:\Users\Grzes\AppData\Roaming\VOS\HD Tune Pro\%Common Programs%\HD Tune Pro\Uninstall HD Tune Pro.lnk
C:\Users\Grzes\AppData\Roaming\Microsoft\Virtual PC\Virtual Machines\New Virtual Machine.lnk
EmptyTemp:
CMD: ipconfig /flushdns
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
Hosts: