Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 06-04-2023
Uruchomiony przez Bartosz (07-04-2023 22:34:06) Run:2
Uruchomiony z C:\Users\Bartosz\Downloads
Załadowane profile: Bartosz
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKU\S-1-5-21-1021472211-3131425956-1835072169-1001\...\MountPoints2: {64981654-3e76-11ec-b16d-3085a93de9b3} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1021472211-3131425956-1835072169-1001\...\MountPoints2: {7972ec4d-0608-11e7-bf30-3085a93de9b3} - "F:\setup.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
Task: {08A8C2F3-65CB-4072-A336-D152662EFE84} - System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\RemoteFXvGPUDisableTask => C:\WINDOWS\System32\RemoteFXvGPUDisablement.exe Disable (Brak pliku)
Task: {51B776BC-977E-4D84-BE16-38B95F0846CC} - System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\RemoteFXWarningTask => C:\WINDOWS\System32\RemoteFXvGPUDisablement.exe Warning (Brak pliku)
Task: {691F452F-CFB7-4B13-9F50-9125D1297127} - System32\Tasks\Opera scheduled Autoupdate 1646142067 => C:\Users\Bartosz\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Brak pliku)
Tcpip\..\Interfaces\{7c278129-509c-4bd4-b19b-0aa3e5d7ccf8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d4c5f0ca-5b2e-46c2-81a8-07d82faba501}: [DhcpNameServer] 192.168.0.1 192.168.0.1
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]
CustomCLSID: HKU\S-1-5-21-1021472211-3131425956-1835072169-1001_Classes\CLSID\{2EF7E390-2F7C-4F9A-9B7D-4A87B56B711D}\InprocServer32 -> C:\Users\Bartosz\AppData\Local\Microsoft\EdgeUpdate\1.3.173.51\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1021472211-3131425956-1835072169-1001_Classes\CLSID\{38971E90-14FD-44F6-AA45-1447B653F873}\InprocServer32 -> C:\Users\Bartosz\AppData\Local\Microsoft\EdgeUpdate\1.3.173.45\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1021472211-3131425956-1835072169-1001_Classes\CLSID\{88B20FC8-EBD6-4181-B5F6-50F45BFF722E}\InprocServer32 -> C:\Users\Bartosz\AppData\Local\Microsoft\EdgeUpdate\1.3.167.21\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1021472211-3131425956-1835072169-1001_Classes\CLSID\{997809F3-33FD-4FD6-A2ED-CEF50F3263B1}\InprocServer32 -> C:\Users\Bartosz\AppData\Local\Microsoft\EdgeUpdate\1.3.169.31\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1021472211-3131425956-1835072169-1001_Classes\CLSID\{ABF66F82-B04C-4FE4-8272-661539463FE1}\InprocServer32 -> C:\Users\Bartosz\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1021472211-3131425956-1835072169-1001_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\Bartosz\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1021472211-3131425956-1835072169-1001_Classes\CLSID\{BFBE0943-74C5-40E0-9E80-0B808109E95D}\InprocServer32 -> C:\Users\Bartosz\AppData\Local\Microsoft\EdgeUpdate\1.3.163.19\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1021472211-3131425956-1835072169-1001_Classes\CLSID\{D1CE12B0-2529-4B24-BE8E-189735EA0DC1}\InprocServer32 -> C:\Users\Bartosz\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1021472211-3131425956-1835072169-1001_Classes\CLSID\{E8791438-3525-48BF-A600-C577AD1674C2}\InprocServer32 -> C:\Users\Bartosz\AppData\Local\Microsoft\EdgeUpdate\1.3.173.49\psuser_64.dll => Brak pliku
ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> Brak pliku
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Brak pliku
AlternateDataStreams: C:\Users\Bartosz\Dane aplikacji:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Bartosz\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
FirewallRules: [{3351669E-037C-41A7-B425-599A3885FA44}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{0D149253-A968-4645-A298-9A35E056799F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{FE99A5A6-D1F9-4224-868D-8C31E45549CB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{EF6B331E-9BDD-4730-8C87-2342E70A7716}] => (Allow) C:\Users\Bartosz\AppData\Local\Programs\Opera\84.0.4316.21\opera.exe => Brak pliku
FF NewTab: Mozilla\Firefox\Profiles\wacqrsu3.default-1615227724883 -> hxxps://poshukach.com?fr=ps&gp=496722&altserp=1
File: C:\Users\Bartosz\dnMEuInbOw.exe
2018-08-07 11:29 - 2018-08-07 11:29 - 000000002 _____ () C:\Users\Bartosz\AppData\Local\imw.ini
*****************

Punkt przywracania został pomyślnie utworzony.
Procesy zostały pomyślnie zamknięte.
HKU\S-1-5-21-1021472211-3131425956-1835072169-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64981654-3e76-11ec-b16d-3085a93de9b3} => pomyślnie usunięto
HKU\S-1-5-21-1021472211-3131425956-1835072169-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7972ec4d-0608-11e7-bf30-3085a93de9b3} => pomyślnie usunięto
HKLM\SOFTWARE\Policies\Mozilla => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{08A8C2F3-65CB-4072-A336-D152662EFE84}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08A8C2F3-65CB-4072-A336-D152662EFE84}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\RemoteFXvGPUDisableTask => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\termsrv\RemoteFX\RemoteFXvGPUDisableTask" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51B776BC-977E-4D84-BE16-38B95F0846CC}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51B776BC-977E-4D84-BE16-38B95F0846CC}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\RemoteFXWarningTask => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\termsrv\RemoteFX\RemoteFXWarningTask" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{691F452F-CFB7-4B13-9F50-9125D1297127}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{691F452F-CFB7-4B13-9F50-9125D1297127}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1646142067 => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1646142067" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7c278129-509c-4bd4-b19b-0aa3e5d7ccf8}\\DhcpNameServer" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d4c5f0ca-5b2e-46c2-81a8-07d82faba501}\\DhcpNameServer" => pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\nvvhci => pomyślnie usunięto
nvvhci => serwis pomyślnie usunięto
HKU\S-1-5-21-1021472211-3131425956-1835072169-1001_Classes\CLSID\{2EF7E390-2F7C-4F9A-9B7D-4A87B56B711D} => pomyślnie usunięto
HKU\S-1-5-21-1021472211-3131425956-1835072169-1001_Classes\CLSID\{38971E90-14FD-44F6-AA45-1447B653F873} => pomyślnie usunięto
HKU\S-1-5-21-1021472211-3131425956-1835072169-1001_Classes\CLSID\{88B20FC8-EBD6-4181-B5F6-50F45BFF722E} => pomyślnie usunięto
HKU\S-1-5-21-1021472211-3131425956-1835072169-1001_Classes\CLSID\{997809F3-33FD-4FD6-A2ED-CEF50F3263B1} => pomyślnie usunięto
HKU\S-1-5-21-1021472211-3131425956-1835072169-1001_Classes\CLSID\{ABF66F82-B04C-4FE4-8272-661539463FE1} => pomyślnie usunięto
HKU\S-1-5-21-1021472211-3131425956-1835072169-1001_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394} => pomyślnie usunięto
HKU\S-1-5-21-1021472211-3131425956-1835072169-1001_Classes\CLSID\{BFBE0943-74C5-40E0-9E80-0B808109E95D} => pomyślnie usunięto
HKU\S-1-5-21-1021472211-3131425956-1835072169-1001_Classes\CLSID\{D1CE12B0-2529-4B24-BE8E-189735EA0DC1} => pomyślnie usunięto
HKU\S-1-5-21-1021472211-3131425956-1835072169-1001_Classes\CLSID\{E8791438-3525-48BF-A600-C577AD1674C2} => pomyślnie usunięto
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR => pomyślnie usunięto
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => pomyślnie usunięto
C:\Users\Bartosz\Dane aplikacji => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS pomyślnie usunięto
"C:\Users\Bartosz\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS nie znaleziono.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3351669E-037C-41A7-B425-599A3885FA44}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D149253-A968-4645-A298-9A35E056799F}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FE99A5A6-D1F9-4224-868D-8C31E45549CB}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF6B331E-9BDD-4730-8C87-2342E70A7716}" => pomyślnie usunięto
"Firefox newtab" => pomyślnie usunięto

========================= File: C:\Users\Bartosz\dnMEuInbOw.exe ========================

C:\Users\Bartosz\dnMEuInbOw.exe
Brak podpisu cyfrowego
MD5: 12C17B5A5C2A7B97342C362CA467E9A2
Data utworzenia i modyfikacji: 2018-04-12 01:34 - 2018-04-12 01:34
Rozmiar: 000059904
Atrybuty: ----A
Firma: Microsoft Corporation
Wewnętrzna nazwa: msiexec
Oryginalna nazwa: msiexec.exe
Produkt: Windows Installer - Unicode
Opis: Windows® installer
Plik Wersja: 5.0.17134.1 (WinBuild.160101.0800)
Produkt Wersja: 5.0.17134.1
Prawa autorskie: © Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/gui/file/b656b13e12b9caa5c0e041d6528aae515c310edb77a1267b73d901a7ba3a86fd/detection/f-b656b13e12b9caa5c0e041d6528aae515c310edb77a1267b73d901a7ba3a86fd-1680836989

====== Koniec File: ======

C:\Users\Bartosz\AppData\Local\imw.ini => pomyślnie przeniesiono

=========== EmptyTemp: ==========

FlushDNS => ukończone
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1612151977 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 915191020 B
Windows/system/drivers => 5261021 B
Edge => 505509 B
Chrome => 401413811 B
Firefox => 2338134279 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7330 B
NetworkService => 1432730 B
Bartosz => 79566858 B
MSSQL$ELISOFT => 79566858 B

RecycleBin => 99636886 B
EmptyTemp: => 5.2 GB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 22:41:05 ====