CloseProcesses:
CreateRestorePoint:
EmptyTemp:
File: C:\Users\mariu\AppData\Local\chromium\Application\chrome.exe
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (Brak pliku)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2019-04-07]
Tcpip\..\Interfaces\{648e2fc9-8cb9-437e-bc77-0a12bc8c6e41}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{93f587b5-79cb-41d4-9eb2-ce089fefb5e1}: [DhcpNameServer] 169.254.94.224
Tcpip\..\Interfaces\{cd80e8a8-4422-427c-bf33-a6deebb0c0a8}: [DhcpNameServer] 192.168.1.254
SearchScopes: HKU\S-1-5-21-3599329740-4042425229-3637981117-1001 -> DefaultScope {4FE08533-A5D6-4501-B9E1-8E7E3929BA7B} URL =
SearchScopes: HKU\S-1-5-21-3599329740-4042425229-3637981117-1001 -> {4FE08533-A5D6-4501-B9E1-8E7E3929BA7B} URL =
SearchScopes: HKU\S-1-5-21-3599329740-4042425229-3637981117-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://pl.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10420__180513__yaie&p={searchTerms}
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Brak pliku
CHR NewTab: Default -> Active:"chrome-extension://nladljmabboanhihfkjacnnkgjhnokhj/new-tab.html"
CHR DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Adaware Secure
CHR Extension: (Adaware Secure) - C:\Users\mariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj [2019-04-07]
CHR HKLM\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]
S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" [X]
S2 mfevtp; "C:\Windows\system32\mfevtps.exe" [X]
S0 cfwids; system32\drivers\cfwids.sys [X]
R0 mfeaack; system32\drivers\mfeaack.sys [X]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
S0 mfeelamk; system32\drivers\mfeelamk.sys [X]
S0 mfefirek; system32\drivers\mfefirek.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
R0 mfeplk; system32\drivers\mfeplk.sys [X]
R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
2016-10-17 15:09 - 2016-10-17 15:09 - 000243320 _____ (McAfee, Inc.) C:\Users\mariu\AppData\Local\Temp\McCSPInstall.dll
2019-04-07 17:37 - 2016-10-17 15:09 - 000210776 _____ (McAfee Inc.) C:\Users\mariu\AppData\Local\Temp\mccspuninstall.exe
2019-03-22 23:25 - 2019-03-22 23:25 - 003520000 _____ (Opera Software) C:\Users\mariu\AppData\Local\Temp\Opera_installer_19032221253330118540.dll
2019-03-22 23:25 - 2019-03-22 23:25 - 003520000 _____ (Opera Software) C:\Users\mariu\AppData\Local\Temp\Opera_installer_1903222125333095540.dll
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
Task: {38CF021C-5F2E-44B2-9F5A-0E8D202EC082} - System32\Tasks\Opera scheduled Autoupdate 1511426186 => C:\Users\mariu\AppData\Local\Programs\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {C59258E1-4E88-495E-A81E-D81B7B6DAACA} - System32\Tasks\Opera scheduled assistant Autoupdate 1547281636 => C:\Users\mariu\AppData\Local\Programs\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {C64F2AE9-DDAB-467E-A747-7CBE92725013} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Task: {D655C773-9438-40AA-B301-7743439954AF} - System32\Tasks\Chromium fodid => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\{44B781D4-CEF5-0B12-4833-9550D2711E9E}\mota.txt" "68747470733a2f2f6b6174756e61712e636f6d" "433a5c50726f6772616d446174615c7b34344237383144342d434546352d304231322d343833332d3935353044323731314539457d5c6e6963697465" "433a5c50726f6772616d446174615c7b34344237383144342d434546352d304231322d (dane wartości zawierają 84 znaków więcej). <==== UWAGA
Task: C:\WINDOWS\Tasks\Chromium fodid.job => Wscript.exe C:\ProgramData\{44B781D4-CEF5-0B12-4833-9550D2711E9E}\mota.txt <==== UWAGA
AlternateDataStreams: C:\Users\Public\AppData:CSM [221]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3599329740-4042425229-3637981117-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3599329740-4042425229-3637981117-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [TCP Query User{6738BF27-E341-4347-B84C-5D9C7F2B886D}E:\cfg\ieembed.exe] => (Block) E:\cfg\ieembed.exe Brak pliku
FirewallRules: [UDP Query User{B9F69EFF-D39A-4CD8-8E28-921A751F4275}E:\cfg\ieembed.exe] => (Block) E:\cfg\ieembed.exe Brak pliku