CloseProcesses:
CreateRestorePoint:
EmptyTemp:
VirusTotal: C:\ProgramData\AppmalopiK\IsFresh.dll
VirusTotal: C:\ProgramData\_tmp.exe
FilesInDirectory: C:\ProgramData\*.exe;*.dll;*.ini
Folder: C:\ProgramData\AppmalopiK
Folder: C:\ProgramData\e8dcd391
Folder: C:\Users\Kosia\AppData\Roaming\Browsers
AppInit_DLLs: C:\ProgramData\AppmalopiK\IsFresh.dll => C:\ProgramData\AppmalopiK\IsFresh.dll [342528 2018-03-01] ()
HKU\S-1-5-21-3276778656-193986366-2168794366-1000\...\MountPoints2: {4e13dc1c-ee1d-11e7-b3bd-08626627bd23} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3276778656-193986366-2168794366-1000\...\MountPoints2: {ce07d33f-31cd-11e8-897e-08626627bd23} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3276778656-193986366-2168794366-1000\...\MountPoints2: {fb0385d1-a384-11e7-b881-08626627bd23} - F:\AutoRun.exe
Tcpip\..\Interfaces\{CC1AB99C-FBDF-461F-A85B-B1FCBDCBEAE2}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{CC1AB99C-FBDF-461F-A85B-B1FCBDCBEAE2}: [DhcpNameServer] 192.168.8.1 192.168.8.1
HKU\S-1-5-21-3276778656-193986366-2168794366-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHN80V5Qf4-sHAsJ8EcOZQdE_NO2Kwysz1IAuCqCcajpLyxAgZA5oNv4npuX7oHrQ_TeOJXnbhwFLL1dZ2btUGMfiMv0yJCrcUfjGqxShp5FHia4dAxNxv_XeDzYxu-xjbK0Zafs-jpuyGixLoLHAlQ_cFL_Q1BWu1mN7i3oZvhSqWg4E--YXmDw,,&q={searchTerms}
HKU\S-1-5-21-3276778656-193986366-2168794366-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHN80V5Qf4-sHAsJ8EcOZQdE_NO2Kwysz1IAuCqCcajpLyxAgZA5oNv4npuX7oHrQ_TeOJXnbhwFLL1dZ2btUGMfiMs_d8zwoMRdER6PPlmOsY7Wijov_P6SNQwgNxDTHNYL-r8mfTatKc1Gc7pvCF9W2OrMKZfzCk6bfeG-uQ_a4XQfnRFkPMtQ,,
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHN80V5Qf4-sHAsJ8EcOZQdE_NO2Kwysz1IAuCqCcajpLyxAgZA5oNv4npuX7oHrQ_TeOJXnbhwFLL1dZ2btUGMfiMv0yJCrcUfjGqxShp5FHia4dAxNxv_XeDzYxu-xjbK0Zafs-jpuyGixLoLHAlQ_cFL_Q1BWu1mN7i3oZvhSqWg4E--YXmDw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3276778656-193986366-2168794366-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHN80V5Qf4-sHAsJ8EcOZQdE_NO2Kwysz1IAuCqCcajpLyxAgZA5oNv4npuX7oHrQ_TeOJXnbhwFLL1dZ2btUGMfiMv0yJCrcUfjGqxShp5FHia4dAxNxv_XeDzYxu-xjbK0Zafs-jpuyGixLoLHAlQ_cFL_Q1BWu1mN7i3oZvhSqWg4E--YXmDw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3276778656-193986366-2168794366-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHN80V5Qf4-sHAsJ8EcOZQdE_NO2Kwysz1IAuCqCcajpLyxAgZA5oNv4npuX7oHrQ_TeOJXnbhwFLL1dZ2btUGMfiMv0yJCrcUfjGqxShp5FHia4dAxNxv_XeDzYxu-xjbK0Zafs-jpuyGixLoLHAlQ_cFL_Q1BWu1mN7i3oZvhSqWg4E--YXmDw,,&q={searchTerms}
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBHN80V5Qf4-sHAsJ8EcOZQdE_NO2Kwysz1IAuCqCcajpLyxAgZA5oNv4npuX7oHrQ_TeOJXnbhwFLL1dZ2btUGMfiMv1fVREfv9cOY2p0SAQ66lQZswWMxmmaw6TQHeVN7s3Yd7NTBxLbPzblsFTIBgXxE_l9FffNVex_o45JQ4k12FCfseBiy7A,,
CHR StartupUrls: Default -> "hxxp://www.oursurfing.com/?type=hp&ts=1440178206&z=6482fc48417735a576630ddgdz0z6efgcmabcobgbe&from=amt&uid=SAMSUNGXHD322HJ_S17AJ9AS808760"
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
Task: {5570E4C3-EEC3-4E10-B263-E27482CB2112} - System32\Tasks\{0E090E47-0C78-0E7E-7E11-7F087A0F110B} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAgADsAIAA7ADsAIAA7ADsAIAA7ADsAOwAgADsAOwA7ADsAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIA (dane wartości zawierają 9624 znaków więcej). <==== UWAGA
Task: {679EC469-C9BA-4110-AE3A-51F47551B9CD} - System32\Tasks\{252D0B2B-C4F3-7738-2B4A-D863EF2F9408} => C:\Windows\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\e8dcd391\ea67273e.dll" <==== UWAGA
Task: {CDB041CD-82CA-4C10-9E11-57D416416F20} - System32\Tasks\C6B64180-7D71-4482-809E-5405F985279B => C:\Windows\SysWOW64\regsvr32.exe /n /s /i:"/279148f19a5f55f5 /q" "C:\Users\Kosia\AppData\Local\36283D~1\{EA672~1."
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоme.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ерiс Gаmes Lаunchеr.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX\Nexus\NEXUS Manual English.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX\Nexus\What's New.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Odinstaluj Google Chrome.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Ваttle.nеt.lnk
C:\Users\Kosia\Desktop\Ерiс Gаmes Launcher.lnk
C:\Users\Kosia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Ехplоrеr (Nо Add-оns).lnk
C:\Users\Kosia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhromе.lnk
C:\Users\Kosia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internet Еxрlоrеr Вrowser.lnk
C:\Users\Kosia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоogle Сhrоme.lnk
C:\Users\Kosia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5fdb9ea4fac2959b\Google Chrome.lnk
C:\Users\Kosia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Ехplоrer.lnk
C:\Users\Kosia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Ехрlorеr (64-bit).lnk
C:\Users\Public\Desktop\Gооgle Сhrоme.lnk
C:\Users\Public\Desktop\Вattle.net.lnk
C:\Users\Public\Desktop\Еpic Gаmes Lаuncher.lnk
CMD: ipconfig /flushdns
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}