CloseProcesses:
CreateRestorePoint:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Manufacturing Data Exchange Utility 2018\Autodesk Manufacturing Data Exchange Utility Premium 2018.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk ArtCAM Premium 2018\License Transfer Utility - ArtCAM Premium 2018.lnk
C:\Users\User\Downloads\Downloads\ADAPTACJA PODDASZA WYDATKI.numbers — skrót .lnk
C:\Users\User\Documents\iTunes.lnk
C:\Users\User\Documents\True Key.lnk
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mesh to single NURBS\Mesh to single nurbs.lnk
C:\Users\User\Favorites\Bing (2) (2).url
C:\Users\User\Favorites\Bing (2) 2 2.url
C:\Users\User\Favorites\Bing (2) 2.url
C:\Users\User\Favorites\Bing (2).url
C:\Users\User\Favorites\Bing (3).url
C:\Users\User\Favorites\Bing 2 (2).url
C:\Users\User\Favorites\Bing 2 2.url
C:\Users\User\Favorites\Bing 2.url
C:\Users\User\Favorites\Bing.url
C:\Users\User\Favorites\Links\Bing.url
C:\Users\User\Favorites\Links\Zaimportowane z Edge\Zaimportowane z Internet Explorer\Bing (2).url
C:\Users\User\Favorites\Links\Zaimportowane z Edge\Zaimportowane z Internet Explorer\Bing 2 (2).url
C:\Users\User\Favorites\Links\Zaimportowane z Edge\Zaimportowane z Internet Explorer\Bing 2 2.url
C:\Users\User\Favorites\Links\Zaimportowane z Edge\Zaimportowane z Internet Explorer\Bing 2.url
C:\Users\User\Favorites\Links\Zaimportowane z Edge\Zaimportowane z Internet Explorer\Bing.url
C:\Users\User\Favorites\Links\Zaimportowane z Edge\Zaimportowane z Chrome\Inne zakładki\BookmarksBar\Bing (2).url
C:\Users\User\Favorites\Links\Zaimportowane z Edge\Zaimportowane z Chrome\Inne zakładki\BookmarksBar\Bing 2 2.url
C:\Users\User\Favorites\Links\Zaimportowane z Edge\Zaimportowane z Chrome\Inne zakładki\BookmarksBar\Bing 2.url
C:\Users\User\Favorites\Links\Zaimportowane z Edge\Zaimportowane z Chrome\Inne zakładki\BookmarksBar\Bing.url
CustomCLSID: HKU\S-1-5-21-1549063140-2996969983-3171838386-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-1549063140-2996969983-3171838386-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-1549063140-2996969983-3171838386-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-1549063140-2996969983-3171838386-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-1549063140-2996969983-3171838386-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-1549063140-2996969983-3171838386-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> Brak ścieżki do pliku
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
Task: {2B38A689-D65F-4D3F-9508-8D6D04137A2E} - System32\Tasks\{8288A415-7712-46E3-AD94-BF300BA8C288} => C:\Windows\system32\pcalua.exe -a "G:\Sterowniki DELL\Sterowniki DELL 990\SIEC\Intel_825xx-Gigabit-Platform_A02_R313802.exe" -d "G:\Sterowniki DELL\Sterowniki DELL 990\SIEC"
Task: {6ABD95B1-A83E-4A0E-9BCE-4A64A201AAC9} - System32\Tasks\{52049B6D-F950-4FBA-BE87-349BC15C13DD} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"
Task: {7915E71C-A674-49DE-A536-9CCF62F59004} - System32\Tasks\TR_AntiHijack => C:\Program Files (x86)\Trojan Remover\TRAntiHJ.exe
Task: {A183AACF-C71B-4581-AE43-CF2294F5ACD5} - System32\Tasks\TR_Updater => C:\Program Files (x86)\Trojan Remover\Trupd.exe [2018-02-24] (Simply Super Software)
Task: {A275919E-E7EE-433B-A6CC-E73D7F4DF998} - System32\Tasks\TR_FastScan_AtLogon => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [2018-02-04] (Simply Super Software)
Task: {A5E681F1-B84E-4F5C-8E82-6115E9C66B5D} - System32\Tasks\{F4CA3EF2-7F71-4512-B19C-F1BFBC4FCF3B} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Przyspiesz\Przyspiesz.exe" -d "C:\Program Files (x86)\Przyspiesz"
Task: {B3D9C564-8297-4DFE-A837-6BE11D728B47} - System32\Tasks\TR_FastScan_Daily_User => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [2018-02-04] (Simply Super Software)
Task: {FAA75DF6-9F16-4348-B91F-F6837AC7A121} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [304]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
HKU\S-1-5-21-1549063140-2996969983-3171838386-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1549063140-2996969983-3171838386-1001\...\Policies\Explorer: [NoFavoritesMenu] 0
HKU\S-1-5-21-1549063140-2996969983-3171838386-1001\...\Policies\Explorer: [ForceClassicControlPanel] 0
HKU\S-1-5-21-1549063140-2996969983-3171838386-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2017-09-29] (Microsoft Corporation)
GroupPolicy: Ograniczenia <==== UWAGA
Tcpip\..\Interfaces\{5750d893-c25e-438c-a27a-cc7308694fd7}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{ceea94df-8b2c-4f69-adee-2fd2d7a04e9e}: [DhcpNameServer] 62.179.1.63 62.179.1.62
Tcpip\..\Interfaces\{d13d7bbf-1d31-474d-a8f8-14a2001ecf83}: [DhcpNameServer] 62.179.1.63 62.179.1.62
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1549063140-2996969983-3171838386-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-1549063140-2996969983-3171838386-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1549063140-2996969983-3171838386-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> Brak pliku
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> Brak pliku
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - Brak pliku
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - Brak pliku
Toolbar: HKU\S-1-5-21-1549063140-2996969983-3171838386-1001 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - Brak pliku
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [Brak pliku]
CHR HKLM\...\Chrome\Extension: [cpaibbcbodhimfnjnakiidgbpiehfgci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-02-12]
CHR HKU\S-1-5-21-1549063140-2996969983-3171838386-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cpaibbcbodhimfnjnakiidgbpiehfgci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-02-12]
CHR HKLM-x32\...\Chrome\Extension: [nlnpeeaafijaebcdgkdeojkpnkfkjdnh] - hxxps://clients2.google.com/service/update2/crx
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe" [X]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe [X]
U3 mfeavfk01; Brak ImagePath
EmptyTemp:
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}