CloseProcesses:
CreateRestorePoint:
(The Chromium Authors) C:\Users\Wojtek\AppData\Local\yc\Application\yc.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-171031571-2620645846-332007427-1000\...\Run: [asamoziqcp] => explorer "hxxp://buksov.ru/?utm_source=uoua03&utm_content=edba48414bdf3580f490f4cfcafe21a5&utm_term=3CD8280C89DABF6E5C3D0EA85533AA07&utm_d=20180225" <==== UWAGA
HKU\S-1-5-21-171031571-2620645846-332007427-1000\...\Run: [ycAutoLaunch_3F1EA48B4A9C851FACCE733C90A745E6] => C:\Users\Wojtek\AppData\Local\yc\Application\yc.exe [921088 2017-08-18] (The Chromium Authors) <==== UWAGA
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
Tcpip\..\Interfaces\{5BE7FA01-CDF5-4594-B9B2-223494168B2F}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{5BE7FA01-CDF5-4594-B9B2-223494168B2F}: [DhcpNameServer] 192.168.1.1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-171031571-2620645846-332007427-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-171031571-2620645846-332007427-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
CHR HomePage: Default -> hxxp://www.funnysearching.com/
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== UWAGA (Brak ServiceDLL)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
2018-02-25 09:59 - 2018-02-25 10:00 - 000000000 ____D C:\Program Files (x86)\mexiCphuiIE
2018-02-25 09:59 - 2018-02-25 10:00 - 000000000 ____D C:\Program Files (x86)\GveoMZenU
2018-02-25 09:59 - 2018-02-25 09:59 - 000000000 ____D C:\Users\Wojtek\AppData\Local\Поиcк в Интeрнете
2018-02-25 09:59 - 2018-02-25 09:59 - 000000000 ____D C:\Users\Wojtek\AppData\Local\Вoйти в Интeрнет
2018-02-25 09:59 - 2018-02-25 09:59 - 000000000 ____D C:\Users\Wojtek\AppData\Local\yc
2018-02-25 09:30 - 2018-02-25 09:30 - 000000000 ____D C:\ProgramData\Mail.Ru
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
Task: {3F09A5BC-C1C2-47C5-921F-641F5DB5A776} - \OneSystemCare Task -> Brak pliku <==== UWAGA
Task: {ED2852FB-B1DF-4A37-BC18-45C9CB962AE2} - \{0E040A47-0A78-7905-0F11-0E7D0D081179} -> Brak pliku <==== UWAGA
AlternateDataStreams: C:\Users\Public\AppData:CSM [478]
FirewallRules: [{8E3C8118-B9FA-4173-AE69-E8C1C19935F0}] => (Allow) C:\Users\Wojtek\AppData\Local\yc\Application\yc.exe
EmptyTemp:
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
CMD: ipconfig /flushdns