Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 13-12-2020
Uruchomiony przez Dorota (13-12-2020 20:42:00) Run:2
Uruchomiony z C:\Users\Dorota\Downloads
Załadowane profile: Dorota
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
File: C:\WINDOWS\system32\LSMD.exe
File: C:\Users\Dorota\AppData\Roaming\dbcfjie.exe
File: C:\WINDOWS\system32\dwm.exe
HKLM-x32\...\Run: [haleng] => C:\Users\Dorota\AppData\Local\Temp\haleng.e <==== UWAGA
Task: {0B34E821-4859-42C7-B340-721047D7B52F} - System32\Tasks\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E} => C:\Users\Dorota\AppData\Roaming\dbcfjie.exe <==== UWAGA
Task: {70674F09-FF37-4E72-B549-DC5042EEB161} - System32\Tasks\178BFBFF00660F51 => C:\Users\Dorota\AppData\Local\Temp\873F57220CEF220510C1E2E55E1365BEA08CD8F249820F07C5FF7ADB12BEE25129EEC0FF3B9047699F71758CE702BBFC2643619A547FBD89385A1C54D3F720BA\sihost.exe <==== UWAGA
Tcpip\..\Interfaces\{380ae885-8c18-4d85-8701-7b8c8711ba40}: [DhcpNameServer] 192.168.1.1
2020-12-13 16:29 - 2020-12-13 16:37 - 000000000 ____D C:\ProgramData\I6T6qBZuXkRTlSZ591
2020-12-13 16:28 - 2020-12-13 16:28 - 000000014 _____ C:\ProgramData\kaosdma.txt
2020-12-13 16:28 - 2020-12-13 16:28 - 000000000 ____D C:\Users\Dorota\AppData\Roaming\Doleoni
2020-12-13 16:28 - 2020-12-13 16:28 - 000000000 ____D C:\Users\Dorota\AppData\LocalLow\nb98wqnehe8bw89hb
2020-12-13 16:28 - 2020-12-13 16:28 - 000000000 ____D C:\ProgramData\Riate
2020-12-13 16:27 - 2020-12-13 16:58 - 000000000 ____D C:\WINDOWS\SysWOW64\tquvbhsn
2020-12-13 16:27 - 2020-12-13 16:58 - 000000000 ____D C:\Users\Dorota\AppData\Roaming\Smart Clock
2020-12-13 16:27 - 2020-12-13 16:58 - 000000000 ____D C:\Users\Dorota\AppData\Local\9443cc81-236c-4feb-a93d-f817e3ebe2ba
2020-12-13 16:27 - 2020-12-13 16:58 - 000000000 ____D C:\Program Files (x86)\golefd
2020-12-13 16:27 - 2020-12-13 16:39 - 000003764 _____ C:\WINDOWS\system32\Tasks\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E}
2020-12-13 16:27 - 2020-12-13 16:36 - 000000000 ____D C:\ProgramData\C7YAA8R3BANCNN2GHJD4ZVA13
2020-12-13 16:27 - 2020-12-13 16:27 - 000186896 _____ () C:\Users\Dorota\AppData\Roaming\7207061.79
2020-12-13 16:27 - 2020-12-13 16:27 - 000004124 _____ C:\WINDOWS\system32\Tasks\178BFBFF00660F51
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Brak pliku
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Brak pliku
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Brak pliku
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
FirewallRules: [{3029403F-3C58-4C25-8BE1-A8E45C627D44}] => (Allow) LPort=5357
FilesInDirectory: C:\Users\Dorota\AppData\Local\*.exe;*.dll;*.ini;*.txt
FilesInDirectory: C:\Users\Dorota\AppData\Roaming\*.exe;*.dll;*.ini;*.txt
CMD: dir /a "C:\ProgramData"
RemoveProxy:
Hosts:
*****************

Punkt przywracania został pomyślnie utworzony.
Procesy zostały pomyślnie zamknięte.

========================= File: C:\WINDOWS\system32\LSMD.exe ========================

C:\WINDOWS\system32\LSMD.exe
Catalog: Error1: CreateFileW function failed
Brak podpisu cyfrowego
MD5: <==== UWAGA (Plik w użyciu)
Data utworzenia i modyfikacji: 2020-06-17 17:56 - 2020-08-14 17:04
Rozmiar: 004283392
Atrybuty: ----A
Firma:
Wewnętrzna nazwa:
Oryginalna nazwa:
Produkt:
Opis:
Plik Wersja:
Produkt Wersja:
Prawa autorskie:
VirusTotal: 0-byte

====== Koniec File: ======

========================= File: C:\Users\Dorota\AppData\Roaming\dbcfjie.exe ========================

"C:\Users\Dorota\AppData\Roaming\dbcfjie.exe" => nie znaleziono

====== Koniec File: ======

========================= File: C:\WINDOWS\system32\dwm.exe ========================

C:\WINDOWS\system32\dwm.exe
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.19041.630.cat
Plik podpisany cyfrowo
MD5: 7260B06613BC480862F379FF5CCD58B6
Data utworzenia i modyfikacji: 2020-10-30 19:49 - 2020-10-30 19:49
Rozmiar: 000094208
Atrybuty: ----A
Firma: Microsoft Windows -> Microsoft Corporation
Wewnętrzna nazwa: dwm.exe
Oryginalna nazwa: dwm.exe
Produkt: Microsoft® Windows® Operating System
Opis: Desktop Window Manager
Plik Wersja: 10.0.19041.508 (WinBuild.160101.0800)
Produkt Wersja: 10.0.19041.508
Prawa autorskie: © Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/gui/file/18b84df6110f4a23660a256e558bce4f5fc0d47678e4d1f9f8188dd490e5b293/detection/f-18b84df6110f4a23660a256e558bce4f5fc0d47678e4d1f9f8188dd490e5b293-1607891360

====== Koniec File: ======

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\haleng" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0B34E821-4859-42C7-B340-721047D7B52F}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B34E821-4859-42C7-B340-721047D7B52F}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E} => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70674F09-FF37-4E72-B549-DC5042EEB161}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70674F09-FF37-4E72-B549-DC5042EEB161}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\178BFBFF00660F51 => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\178BFBFF00660F51" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{380ae885-8c18-4d85-8701-7b8c8711ba40}\\DhcpNameServer" => pomyślnie usunięto
C:\ProgramData\I6T6qBZuXkRTlSZ591 => pomyślnie przeniesiono
C:\ProgramData\kaosdma.txt => pomyślnie przeniesiono
C:\Users\Dorota\AppData\Roaming\Doleoni => pomyślnie przeniesiono
C:\Users\Dorota\AppData\LocalLow\nb98wqnehe8bw89hb => pomyślnie przeniesiono
C:\ProgramData\Riate => pomyślnie przeniesiono
C:\WINDOWS\SysWOW64\tquvbhsn => pomyślnie przeniesiono
C:\Users\Dorota\AppData\Roaming\Smart Clock => pomyślnie przeniesiono
C:\Users\Dorota\AppData\Local\9443cc81-236c-4feb-a93d-f817e3ebe2ba => pomyślnie przeniesiono
C:\Program Files (x86)\golefd => pomyślnie przeniesiono
"C:\WINDOWS\system32\Tasks\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E}" => nie znaleziono
C:\ProgramData\C7YAA8R3BANCNN2GHJD4ZVA13 => pomyślnie przeniesiono
C:\Users\Dorota\AppData\Roaming\7207061.79 => pomyślnie przeniesiono
"C:\WINDOWS\system32\Tasks\178BFBFF00660F51" => nie znaleziono
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => pomyślnie usunięto
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => pomyślnie usunięto
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => pomyślnie usunięto
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => pomyślnie usunięto
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => pomyślnie usunięto
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => pomyślnie usunięto
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => pomyślnie usunięto
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3029403F-3C58-4C25-8BE1-A8E45C627D44}" => pomyślnie usunięto

========================= FilesInDirectory: C:\Users\Dorota\AppData\Local\*.exe;*.dll;*.ini;*.txt ========================

====== Koniec Filesindirectory ======

========================= FilesInDirectory: C:\Users\Dorota\AppData\Roaming\*.exe;*.dll;*.ini;*.txt ========================

====== Koniec Filesindirectory ======

========= dir /a "C:\ProgramData" =========

Volume in drive C has no label.
Volume Serial Number is 2598-4140

Directory of C:\ProgramData

13.12.2020 20:42 .
13.12.2020 20:42 ..
24.03.2020 22:51 ALLPlayer
29.11.2020 17:47 AMD
21.05.2019 22:55 Battle.net
14.05.2020 21:39 boost_interprocess
28.09.2019 15:57 Canon
07.08.2019 09:29 Canon IJ Network Tool
07.08.2019 09:14 CanonBJ
03.10.2019 16:51 CanonIJMyPrinter
01.12.2020 11:07 CanonIJPLM
29.09.2019 09:23 CanonIJQuickMenu
07.08.2019 09:43 CanonIJWSpt
16.10.2019 20:24 Corel
29.10.2018 18:19 CyberLink
29.10.2018 19:17 DAEMON Tools Lite
29.10.2018 19:42 DAEMON Tools Pro
29.10.2018 19:36 DAEMON Tools Ultra
27.10.2018 02:18 Dane aplikacji [C:\ProgramData]
12.07.2019 11:57 DAZ 3D
17.06.2020 17:28 Dexster
19.03.2019 17:36 Disc-Soft
27.10.2018 02:18 Dokumenty [C:\Users\Public\Documents]
27.10.2018 11:33 ESET
28.02.2019 11:56 GraphicsType
09.12.2020 14:43 GridinSoft
27.10.2018 10:55 Hewlett-Packard
14.08.2019 16:21 HP
28.10.2018 13:28 IDM
13.10.2019 13:07 InstallShield
29.10.2018 18:30 install_clap
13.12.2020 17:01 Malwarebytes
27.10.2018 02:18 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu]
31.10.2020 09:59 Microsoft
16.08.2019 13:11 Microsoft Help
29.10.2018 20:31 Microsoft Toolkit
16.11.2018 02:08 Mirillis
02.12.2020 13:09 Mozilla
13.11.2020 21:57 Nero
12.07.2019 12:59 OptiTex
26.09.2020 19:09 Oracle
24.10.2020 21:17 Package Cache
31.10.2020 00:17 Packages
17.04.2020 18:09 Phenomedia
27.10.2018 02:18 Pulpit [C:\Users\Public\Desktop]
07.12.2020 11:03 Realtek
13.12.2020 17:50 regid.1991-06.com.microsoft
12.12.2020 22:29 RogueKiller
21.03.2020 18:34 Samsung
17.02.2019 16:54 Skype
07.12.2019 09:14 SoftwareDistribution
07.06.2019 11:00 60 SoftwareUpdateTemp.xml
27.10.2018 11:50 SoundResearch
30.10.2020 20:01 ssh
16.10.2019 20:39 SUPPORTDIR
24.05.2019 15:38 SystemAcCrux
27.10.2018 02:18 Szablony [C:\ProgramData\Microsoft\Windows\Templates]
29.10.2018 18:31 Temp
13.12.2020 16:26 Thunder Network
13.11.2018 19:03 Uninstall
12.10.2019 17:26 UniqueId
31.10.2020 00:17 USOPrivate
07.12.2019 09:14 USOShared
13.10.2019 14:07 VsTelemetry
07.12.2019 15:12 WindowsHolographicDevices
28.02.2019 11:59 Wondershare
1 File(s) 60 bytes
65 Dir(s) 128 657 752 064 bytes free

========= Koniec CMD: =========

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
"HKU\S-1-5-21-530551183-1267474143-722841221-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
"HKU\S-1-5-21-530551183-1267474143-722841221-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto

========= Koniec RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono
Hosts pomyślnie przywrócono.

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22247123 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 62730337 B
Edge => 0 B
Chrome => 0 B
Firefox => 204468193 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 87444 B
NetworkService => 87444 B
Dorota => 243013352 B

RecycleBin => 27976 B
EmptyTemp: => 518.3 MB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 20:42:54 ====