CloseProcesses:
CreateRestorePoint:
EmptyTemp:
VirusTotal: C:\ProgramData\wta39003.exe
VirusTotal: C:\Users\Klusek\AppData\Roaming\Endless.Space.2.Deluxe.Edition.ENG.Repack\pxjhze.exe
HKU\S-1-5-21-2486246776-2999285121-1746736506-1001\...\Run: [Klusek] => explorer.exe hxxp://ozirizsoos.info <==== UWAGA
HKU\S-1-5-21-2486246776-2999285121-1746736506-1001\...\MountPoints2: {e4faddb4-988d-11e6-852e-d8cb8a4fb91a} - "G:\SISetup.exe"
Tcpip\..\Interfaces\{bc4db40e-89a0-4c95-8c9a-ee2edfabb13f}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{bf614ce0-a430-4a2b-af64-97852d386a4b}: [DhcpNameServer] 192.168.8.1 192.168.8.1
S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [8010968 2018-01-27] (LLC Mail.Ru)
R2 wta39003; C:\ProgramData\wta39003.exe [386232 2017-07-12] () <==== UWAGA
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [7238880 2018-01-27] (LLC Mail.Ru)
CustomCLSID: HKU\S-1-5-21-2486246776-2999285121-1746736506-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Klusek\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-2486246776-2999285121-1746736506-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Klusek\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-2486246776-2999285121-1746736506-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Klusek\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
Task: {4BE26BE2-D3AF-42CE-B4B5-E2ACB5F59094} - System32\Tasks\SystemMaintanceTask => C:\Users\Klusek\AppData\Roaming\Endless.Space.2.Deluxe.Edition.ENG.Repack\pxjhze.exe
Task: {4DAB1E9A-5EE5-416D-BD17-7B6344AF20DB} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Task: {59091FE3-4D92-4173-A149-6C49A98C03DE} - System32\Tasks\SessionAgent => C:\windows\sysckeck32.exe
Task: {FF1100FF-5516-477F-BFF8-85D5DA8387C6} - System32\Tasks\Klusek => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Klusek /t REG_SZ /d "explorer.exe hxxp://ozirizsoos.info" <==== UWAGA
C:\Users\Klusek\Links\OneDrive.lnk
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset