CloseProcesses:
CreateRestorePoint:
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => Brak pliku
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1983981968-3035916255-1815669833-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKU\S-1-5-21-1983981968-3035916255-1815669833-1002 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nie znaleziono
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [Brak pliku]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [Brak pliku]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RSUSBVSTOR; \SystemRoot\System32\Drivers\RtsUVStor.sys [X]
2018-03-02 09:15 - 2018-03-02 09:18 - 000000000 ____D C:\Users\Wiesia G\AppData\Local\Mail.Ru
2018-03-02 09:15 - 2018-03-02 09:17 - 000000000 ____D C:\ProgramData\Mail.Ru
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> Brak pliku
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> Brak pliku
Task: {03D128BC-56F4-4968-805E-25E0333C1004} - System32\Tasks\{6CA6157B-9DDD-4DD0-8783-6D844C942A86} => C:\WINDOWS\system32\pcalua.exe -a F:\install.exe -d F:\
Task: {0EAB8521-9EA3-4BE6-80BE-E4B19E2FD3C3} - System32\Tasks\zokidifcomkui => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" zokidif.com/kui <==== UWAGA
Task: {118FB237-33B6-4BB2-8661-8FCCC6C296A8} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Task: {12D86A5A-6C8F-420F-8056-AEBE1FF344E1} - \WPD\SqmUpload_S-1-5-21-1983981968-3035916255-1815669833-1002 -> Brak pliku <==== UWAGA
Task: {1E5E1AD1-C31C-4BA6-AA2C-ED96E64526F9} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-09-11] (Maxthon International ltd.)
Task: {226DB8AC-E011-4372-918B-1CC63CE687A2} - \McAfee\McAfee Idle Detection Task -> Brak pliku <==== UWAGA
Task: {2907FBB4-59D1-428D-B82E-2CABA4E80F08} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
Task: {2F643CEB-CDDE-417E-A9FA-2E998E2A28CF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: {3572E4C4-6219-42FB-8318-77B5945A6607} - System32\Tasks\{FCF9E96B-6EF7-4EB3-B83A-4B08D757E5D0} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Euro Truck Simulator 2\unins000.exe"
Task: {47FB661A-0524-4FA3-9E9F-65F03DCBE221} - System32\Tasks\{65AD9EC1-9CE2-4CB6-A55E-3DEC4DA50027} => C:\WINDOWS\system32\pcalua.exe -a F:\install.exe -d F:\
Task: {496F4687-30CB-4F63-B11C-40393943F2F1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku <==== UWAGA
Task: {4AA1EE4B-CB34-4ECF-B592-4E1B746446A6} - System32\Tasks\{F0B217EB-4946-4399-803D-376BD3D9D3CF} => C:\WINDOWS\system32\pcalua.exe -a F:\install.exe -d F:\
Task: {55917EE9-95EB-4AB2-B8F5-BE6DAA18863B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {5F224681-3430-47B2-89D1-D498B2266CBD} - System32\Tasks\{73FD55EF-9E0A-4E84-AD18-89B66E31681D} => C:\WINDOWS\system32\pcalua.exe -a F:\autorun.exe -d F:\
Task: {633DCF62-A71D-4F64-9650-DEFF0000C5AD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {7585A4BA-C65A-4626-B599-5D1917FB83E0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku <==== UWAGA
Task: {7D613DDE-730B-494C-82AB-2401AADCAB40} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
Task: {7F7015F3-5661-4C73-B258-9C6CF4F59044} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Brak pliku <==== UWAGA
Task: {9032425F-9505-4D7C-BDD8-01154FAB2523} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
Task: {9DE456EE-57AD-4144-B9F0-43F851ACBF29} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
Task: {A485DE83-390E-4BA5-9D5E-6F445CCF19C9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
Task: {BEE8A74C-9828-42A6-823A-648F94919769} - System32\Tasks\{AF232969-05F4-48A3-A177-07DDC05B1F7B} => C:\WINDOWS\system32\pcalua.exe -a F:\autorun.exe -d F:\
Task: {C9F2A025-5967-4107-82FB-9A3F57D5AC7A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {D7D45E18-0CCF-4944-9CE2-90CF3B5CCBD1} - System32\Tasks\{23649511-05D0-49DB-98FC-5151413BA193} => C:\WINDOWS\system32\pcalua.exe -a F:\install.exe -d F:\
Task: {EB36AF2B-82D0-4A69-A116-7670330C3D31} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [{2FD5212D-468C-4118-A730-999C27C85C2D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{5AE5A127-DB58-4284-A1A6-080727D67A2E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{2B892AD6-C007-4392-B79E-34B5C7FB3846}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{6A00AAE9-204E-4C9E-9034-606C0B05BE5B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{AD43EC8F-0AD5-447A-A1CF-661991C23E85}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{5DCC8279-544A-4870-9199-B361AE29444A}] => (Allow) C:\Users\Wiesia G\AppData\Roaming\hOOoewyjO.exe
FirewallRules: [{8428C76F-B600-45FE-80C6-F8AF445FC805}] => (Allow) C:\Program Files (x86)\KUGpQvAdvza.exe
FirewallRules: [{7BF59F72-7715-4C00-BCE8-69C825E2E066}] => (Allow) C:\Users\Wiesia G\AppData\Local\Lite\Application\lite.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser\Visit Maxthon Forum.url
C:\Users\Default\Favorites\AmazonBrowserBar.url
C:\Users\Wiesia G\Favorites\AmazonBrowserBar.url
EmptyTemp:
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}