CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-3004843575-4065782542-2389213857-1001\...\Run: [] => [X]
IFEO\taskmgr.exe: [Debugger] 
HKU\S-1-5-21-3004843575-4065782542-2389213857-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=190
HKU\S-1-5-21-3004843575-4065782542-2389213857-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-3004843575-4065782542-2389213857-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3004843575-4065782542-2389213857-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF user.js: detected! => C:\Users\Użytkownik\AppData\Roaming\Mozilla\Firefox\Profiles\aihtifae.default-1451488673086\user.js [2017-02-22]
R2 SSSvc; C:\Program Files (x86)\ScreenShot\SSSvc.exe [139744 2016-11-02] (Filseclab Corporation Limited)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
2018-02-06 21:42 - 2018-02-06 21:42 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-02-06 21:35 - 2018-02-06 21:48 - 000000000 ____D C:\AdwCleaner
Shortcut: C:\Users\Użytkownik\AppData\Local\Microsoft\Windows\RoamingTiles\-4592263490.lnk -> hxxp://www.msn.com/pl-pl/?cobrand=asus13.msn.com&ocid=ASUDHP&pc=ASU2J
ShortcutWithArgument: C:\Users\Użytkownik\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-4592263490.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x2bc5e8e9 -pinnedTimeHigh 0x01d105b0 -securityFlags 0x00000000 -tileType 0x00000003 -url 0x00000046 hxxp://www.msn.com/pl-pl/?cobrand=asus13.msn.com&ocid=ASUDHP&pc=ASU2JS
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenShot
C:\Users\Użytkownik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Pełne czyszczenie śmieci.lnk
C:\Program Files (x86)\Elex-tech
C:\Program Files (x86)\ScreenShot
EmptyTemp:
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}