CloseProcesses:
CreateRestorePoint:
() C:\Users\Kuba\AppData\Local\Temp\4fba86d1cae54ea7a12a24af0950bf7f\pWEnLLY.exe
() C:\Program Files\Windows NT\POIOUWMJKT\EVKPGFFRSP.exe
() C:\Users\Kuba\AppData\Local\Temp\bd7e80f391c6448fa9a03c53f082da50\Snmpqp9C.exe
() C:\Users\Kuba\AppData\Local\Temp\5511069c7a3b4b9aafbfc673b1c348d7\i3jX4tgv.exe
() C:\ProgramData\5ff6d31a10a547a99d7e92383f82f454\2Bdq3aTpHdE3.exe
() C:\ProgramData\db4c6f5af4a64f98bb64cc0bbd58685e\YZCJZWZENT.exe
() C:\Users\Kuba\AppData\Local\Temp\f505c0e7061544ecaecb251790649cc0\OXDhmTrTX.exe
() C:\Users\Kuba\AppData\Local\8f9be70db39e4dfa93b330874a67b166\QE0JbfiBGrQ0kc.exe
() C:\Users\Kuba\AppData\Local\80970579af0040c9a657b873b360f355\ATiPdnehKrEVdH.exe
() C:\ProgramData\70a25dfe1f3f49ec9305fc751d04f769\eowrXePbooB.exe
() C:\ProgramData\72829f52feb34e6a82377cd89caafa8c\KZOJWmALp1Dh.exe
(cIRaU) C:\Users\Kuba\AppData\Local\091a11d4cd16450fa96cdaa46853e67f\4n6PXu6rt12CV.exe
() C:\Users\Kuba\AppData\Roaming\96462059e29d441ca9837cb81066479f\U52yOnwEEleZ.exe
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM\...\RunOnce: [Lahin_Raw_barra_al3eb_b3id_OTWHPTESHP.exe] => C:\Program Files\Corel\CZQZBSWBFU\OTWHPTESHP.exe [397824 2018-02-28] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1556375238-227923929-2487005268-1000\...\Run: [EVKPGFFRSP.exe] => C:\Program Files\Windows NT\POIOUWMJKT\EVKPGFFRSP.exe [393728 2018-02-28] ()
HKU\S-1-5-21-1556375238-227923929-2487005268-1000\...\Run: [Snmpqp9C.exe] => C:\Users\Kuba\AppData\Local\Temp\bd7e80f391c6448fa9a03c53f082da50\Snmpqp9C.exe [566272 2018-02-28] () <==== ATTENTION
HKU\S-1-5-21-1556375238-227923929-2487005268-1000\...\Run: [i3jX4tgv.exe] => C:\Users\Kuba\AppData\Local\Temp\5511069c7a3b4b9aafbfc673b1c348d7\i3jX4tgv.exe [566272 2018-02-28] () <==== ATTENTION
HKU\S-1-5-21-1556375238-227923929-2487005268-1000\...\Run: [OXDhmTrTX.exe] => C:\Users\Kuba\AppData\Local\Temp\f505c0e7061544ecaecb251790649cc0\OXDhmTrTX.exe [566272 2018-02-28] () <==== ATTENTION
HKU\S-1-5-21-1556375238-227923929-2487005268-1000\...\Run: [QE0JbfiBGrQ0kc.exe] => C:\Users\Kuba\AppData\Local\8f9be70db39e4dfa93b330874a67b166\QE0JbfiBGrQ0kc.exe [566272 2018-02-28] ()
HKU\S-1-5-21-1556375238-227923929-2487005268-1000\...\Run: [ATiPdnehKrEVdH.exe] => C:\Users\Kuba\AppData\Local\80970579af0040c9a657b873b360f355\ATiPdnehKrEVdH.exe [566272 2018-02-28] ()
HKU\S-1-5-21-1556375238-227923929-2487005268-1000\...\Run: [eowrXePbooB.exe] => C:\ProgramData\70a25dfe1f3f49ec9305fc751d04f769\eowrXePbooB.exe [566272 2018-02-28] ()
HKU\S-1-5-21-1556375238-227923929-2487005268-1000\...\Run: [KZOJWmALp1Dh.exe] => C:\ProgramData\72829f52feb34e6a82377cd89caafa8c\KZOJWmALp1Dh.exe [434176 2018-03-02] ()
HKU\S-1-5-21-1556375238-227923929-2487005268-1000\...\Run: [4n6PXu6rt12CV.exe] => C:\Users\Kuba\AppData\Local\091a11d4cd16450fa96cdaa46853e67f\4n6PXu6rt12CV.exe [604672 2018-03-02] (cIRaU)
HKU\S-1-5-21-1556375238-227923929-2487005268-1000\...\Run: [U52yOnwEEleZ.exe] => C:\Users\Kuba\AppData\Roaming\96462059e29d441ca9837cb81066479f\U52yOnwEEleZ.exe [434176 2018-03-03] ()
HKU\S-1-5-21-1556375238-227923929-2487005268-1000\...\Run: [pWEnLLY.exe] => C:\Users\Kuba\AppData\Local\Temp\4fba86d1cae54ea7a12a24af0950bf7f\pWEnLLY.exe [434176 2018-03-03] () <==== ATTENTION
HKU\S-1-5-21-1556375238-227923929-2487005268-1000\...\MountPoints2: {05e44dab-b5f9-11e5-a55d-a4badbcd1065} - H:\autorun.exe
HKU\S-1-5-21-1556375238-227923929-2487005268-1000\...\MountPoints2: {05e44dac-b5f9-11e5-a55d-a4badbcd1065} - I:\autorun.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
Tcpip\..\Interfaces\{2B071E08-236D-4A88-A966-0A02256CA7E3}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{38AB2438-D559-436B-AAD8-E0B3316D7C6B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{541A16BF-1651-4D87-BFBC-8466208B8183}: [DhcpNameServer] 192.168.43.1
HKU\S-1-5-21-1556375238-227923929-2487005268-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION
CHR HKU\S-1-5-21-1556375238-227923929-2487005268-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
S3 Disc Soft Lite Bus Service; "H:\Programy\25-11-2015\Daemon Tools Lite\DiscSoftBusService.exe" [X]
U3 aq4jgnfa; C:\Windows\System32\Drivers\aq4jgnfa.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
2018-03-03 17:23 - 2018-03-03 17:23 - 000000000 ____D C:\ProgramData\7ba48c33e8754b47bf8e742ce0c24463
2018-03-03 11:23 - 2018-03-03 11:23 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\96462059e29d441ca9837cb81066479f
2018-03-03 11:23 - 2018-03-03 11:23 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\318bc994ba814f11807bed4f1bc5345c
2018-03-02 23:10 - 2018-03-02 23:10 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\88e809f2d2f547f48add61dc0f420916
2018-03-02 23:10 - 2018-03-02 23:10 - 000000000 ____D C:\Users\Kuba\AppData\Local\091a11d4cd16450fa96cdaa46853e67f
2018-03-02 23:10 - 2018-03-02 23:10 - 000000000 ____D C:\ProgramData\72829f52feb34e6a82377cd89caafa8c
2018-02-28 21:34 - 2018-02-28 21:34 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\76aad510b988449bb0d5aa2581508a00
2018-02-28 21:34 - 2018-02-28 21:34 - 000000000 ____D C:\ProgramData\70a25dfe1f3f49ec9305fc751d04f769
2018-02-28 20:47 - 2018-02-28 20:47 - 000000000 ____D C:\Users\Kuba\AppData\Local\80970579af0040c9a657b873b360f355
2018-02-28 20:20 - 2018-02-28 20:20 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\d2a3d7283e5f449383556382528bea39
2018-02-28 20:20 - 2018-02-28 20:20 - 000000000 ____D C:\Users\Kuba\AppData\Local\8f9be70db39e4dfa93b330874a67b166
2018-02-28 20:13 - 2018-02-28 20:13 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\c76ff77fd31c43409ca8766b7a444657
2018-02-28 19:27 - 2018-02-28 19:27 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\f6f12067711f4879ab0e90b6c51bdbdb
2018-02-28 19:27 - 2018-02-28 19:27 - 000000000 ____D C:\ProgramData\5ff6d31a10a547a99d7e92383f82f454
2018-02-28 19:07 - 2018-02-28 19:07 - 000000000 ____D C:\Users\Kuba\AppData\Local\144662dbc0ad4cf9b589d569bc132721
2018-02-28 18:24 - 2018-02-28 19:42 - 000000000 ____D C:\ProgramData\db4c6f5af4a64f98bb64cc0bbd58685e
2018-02-28 18:24 - 2018-02-28 18:24 - 000000000 ____D C:\Users\Kuba\AppData\Roaming\e048e39e95d946a5aa89e0b33928aa38
2018-02-28 18:24 - 2018-02-28 18:24 - 000000000 ____D C:\ProgramData\71097fb645124966982067e1123548e8
2018-02-28 18:24 - 2018-02-28 18:24 - 000000000 ____D C:\ProgramData\3c6c846e2f9345a7b17a6e1397517056
2018-02-28 18:24 - 2018-02-28 18:24 - 000000000 ____D C:\ProgramData\228af6fe32b244238c2cd24ea0af9fb9
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Task: {0418DFC4-5CE5-4870-8A2A-80D9DBDA8523} - System32\Tasks\GoogleUpdateSecurityTaskMachine_YI => C:\ProgramData\3c6c846e2f9345a7b17a6e1397517056\HandlerExecution.exe [2018-02-28] () <==== ATTENTION
Task: {12FF7EBD-1241-442A-9E63-F3ECD5F2B7B5} - System32\Tasks\GoogleUpdateSecurityTaskMachine_UR => C:\ProgramData\db4c6f5af4a64f98bb64cc0bbd58685e\HandlerExecution.exe [2018-02-28] () <==== ATTENTION
Task: {4DE98FA4-77D0-432D-9A20-2F6C718761D8} - System32\Tasks\GoogleUpdateSecurityTaskMachine_AB => C:\ProgramData\228af6fe32b244238c2cd24ea0af9fb9\HandlerExecution.exe [2018-02-28] () <==== ATTENTION
Task: {6BF63B7C-CF52-4655-B50C-A68DD8C1BF1D} - System32\Tasks\{2A740717-9591-4128-92F1-E20F80764959} => C:\Program Files (x86)\Common Files\tfNgv.exe [1623-04-04] (Microsoft Corporation)
Task: {90A4519A-4FAA-4536-BD8E-543AEA9A6147} - System32\Tasks\{08873486-8958-4B86-94B6-E409C9773135} => C:\Program Files (x86)\Common Files\iGQYmEow.exe [1623-04-04] (Microsoft Corporation)
Task: {DAA838A0-46F5-4D40-9BE0-B6A2376B3FCB} - System32\Tasks\GoogleUpdateSecurityTaskMachine_ET => C:\Users\Kuba\AppData\Local\Temp\b3da004299b345e2bd7da19500e1830f\HandlerExecution.exe <==== ATTENTION
Task: {EF865F4D-95B3-496B-B01B-56B7DD3F7215} - System32\Tasks\GoogleUpdateSecurityTaskMachine_WN => C:\Users\Kuba\AppData\Roaming\e048e39e95d946a5aa89e0b33928aa38\HandlerExecution.exe [2018-02-28] () <==== ATTENTION
2018-03-03 17:23 - 2018-03-03 17:23 - 000434176 _____ () C:\Users\Kuba\AppData\Local\Temp\4fba86d1cae54ea7a12a24af0950bf7f\pWEnLLY.exe
2018-02-28 18:24 - 2018-02-28 18:24 - 000393728 _____ () C:\Program Files\Windows NT\POIOUWMJKT\EVKPGFFRSP.exe
2018-02-28 18:24 - 2018-02-28 18:24 - 000566272 ____N () C:\Users\Kuba\AppData\Local\Temp\bd7e80f391c6448fa9a03c53f082da50\Snmpqp9C.exe
2018-02-28 19:07 - 2018-02-28 19:07 - 000566272 ____N () C:\Users\Kuba\AppData\Local\Temp\5511069c7a3b4b9aafbfc673b1c348d7\i3jX4tgv.exe
2018-02-28 19:27 - 2018-02-28 19:27 - 000566272 _____ () C:\ProgramData\5ff6d31a10a547a99d7e92383f82f454\2Bdq3aTpHdE3.exe
2018-02-28 19:42 - 2018-02-28 19:42 - 000566272 _____ () C:\ProgramData\db4c6f5af4a64f98bb64cc0bbd58685e\YZCJZWZENT.exe
2018-02-28 20:13 - 2018-02-28 20:13 - 000566272 ____N () C:\Users\Kuba\AppData\Local\Temp\f505c0e7061544ecaecb251790649cc0\OXDhmTrTX.exe
2018-02-28 20:20 - 2018-02-28 20:20 - 000566272 _____ () C:\Users\Kuba\AppData\Local\8f9be70db39e4dfa93b330874a67b166\QE0JbfiBGrQ0kc.exe
2018-02-28 20:47 - 2018-02-28 20:47 - 000566272 _____ () C:\Users\Kuba\AppData\Local\80970579af0040c9a657b873b360f355\ATiPdnehKrEVdH.exe
2018-02-28 21:34 - 2018-02-28 21:34 - 000566272 _____ () C:\ProgramData\70a25dfe1f3f49ec9305fc751d04f769\eowrXePbooB.exe
2018-03-02 23:10 - 2018-03-02 23:10 - 000434176 _____ () C:\ProgramData\72829f52feb34e6a82377cd89caafa8c\KZOJWmALp1Dh.exe
2018-03-03 11:23 - 2018-03-03 11:23 - 000434176 _____ () C:\Users\Kuba\AppData\Roaming\96462059e29d441ca9837cb81066479f\U52yOnwEEleZ.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart File Advisor\Smart File Advisor Updater.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart File Advisor\Startup Application Checker.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pazera Free MKV to AVI Converter\Deinstalacja programu Pazera Free MKV to AVI Converter.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pazera Free MKV to AVI Converter\Pazera Free MKV to AVI Converter.lnk
C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b88be1ac11ba8fe\MATLAB R2010a.lnk
EmptyTemp:
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset