CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-3533239102-2850785274-1201676170-1001\...\MountPoints2: {218067a3-5c98-11e7-81ff-806e6f6e6963} - "E:\autoplay.exe" 
HKU\S-1-5-21-3533239102-2850785274-1201676170-1001\...\MountPoints2: {34ba3485-daa2-11e7-8216-54e1ad487378} - "H:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3533239102-2850785274-1201676170-1001\...\MountPoints2: {cd28e6c5-14a9-11e8-821f-54e1ad487378} - "H:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3533239102-2850785274-1201676170-1001\...\MountPoints2: {cd28e6f3-14a9-11e8-821f-54e1ad487378} - "H:\HiSuiteDownLoader.exe" 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-3533239102-2850785274-1201676170-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3533239102-2850785274-1201676170-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3533239102-2850785274-1201676170-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-3533239102-2850785274-1201676170-1001 -> DefaultScope {26226400-88BC-44BF-AC19-7F9D1F5E6A96} URL = 
SearchScopes: HKU\S-1-5-21-3533239102-2850785274-1201676170-1001 -> {26226400-88BC-44BF-AC19-7F9D1F5E6A96} URL = 
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo_VPN.sys [28768 2017-10-31] (SoftEther Project at University of Tsukuba, Japan.)
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2017-10-31] (SoftEther Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Brak pliku
ContextMenuHandlers1: [CLVDShellExt] -> [CC]{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> Brak pliku
ContextMenuHandlers2: [CLVDShellExt] -> [CC]{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Brak pliku
HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
HKLM\...\StartupApproved\Run32: => "WinampAgent"
FirewallRules: [{468BA24C-50DD-4A53-B3C2-42A5910981FE}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{BFC4B784-0348-497D-99F4-2A5469D514EA}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{A8466D28-56CF-4117-9C1A-662F46E747BF}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{8818FFEA-C210-45E6-A0D9-01C63C14485A}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{8C533F44-AA46-4845-B3E2-BDFDC031539E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{D8FBA815-C508-4C52-8E22-C80281175627}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\Winampa.exe [12288 2003-04-02] ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VUGames\SWAT 4\Usuń grę SWAT 4.lnk
C:\Users\lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SoftEther VPN Client Manager.lnk
EmptyTemp:
CMD: ipconfig /flushdns