CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-32054031-2573089171-2268701630-1001\...\Run: [GameCenterMailRu] => "C:\Users\Arkadiusz\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe" -autostart
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-32054031-2573089171-2268701630-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-32054031-2573089171-2268701630-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\689299812.js [2018-01-26] <==== UWAGA (Linkuje do pliku *.cfg)
FF ExtraCheck: C:\Program Files\mozilla firefox\689299812.cfg [2018-01-26] <==== UWAGA
CHR DefaultSearchURL: Default -> hxxps://tunergear.com/16058309/checkouts/62dd41018b7665042ec6567d35144885
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
U3 aswbdisk; Brak ImagePath
2018-02-05 16:50 - 2018-02-05 17:26 - 000000000 ____D C:\AdwCleaner
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
Shortcut: C:\Users\Arkadiusz\Desktop\MMO\Игровой центр Mail.Ru.lnk -> C:\Users\Arkadiusz\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe (Brak pliku) <==== Cyrillic
FirewallRules: [TCP Query User{6468362B-94EC-43A8-B7D6-AB9A32E5956A}C:\users\arkadiusz\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\arkadiusz\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{E1840F34-4FD7-49E9-BECF-694CB4684121}C:\users\arkadiusz\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\arkadiusz\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{EDFC8B29-1924-4690-AF11-820882CC00BD}] => (Allow) C:\Users\Arkadiusz\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
FirewallRules: [{6D33BA6A-188E-4710-BD42-09115F5BF811}] => (Allow) C:\Users\Arkadiusz\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
C:\Users\Arkadiusz\Desktop\MMO\My.com Game Center.lnk
C:\Users\Arkadiusz\Desktop\MMO\Игровой центр Mail.Ru.lnk
C:\Users\Arkadiusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
C:\Users\Arkadiusz\AppData\Local\MyComGames
C:\Users\Arkadiusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mail.Ru
C:\Users\Arkadiusz\AppData\Local\Mail.Ru
InternetURL: C:\Users\Arkadiusz\Desktop\MMO\Armored Warfare.url -> URL: mycomgames://play/13.2000009
InternetURL: C:\Users\Arkadiusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta\Armored Warfare.url -> URL: mycomgames://play/13.2000009
InternetURL: C:\Users\Arkadiusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta\Uninstall Armored Warfare.url -> URL: mycomgames://uninstall/13.2000009
EmptyTemp:
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}