Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 15-01-2022
Uruchomiony przez pc (19-01-2022 20:38:34) Run:1
Uruchomiony z C:\Users\pc\Downloads
Załadowane profile: pc
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
File: 2022-01-17 19:35 - 2022-01-17 19:35 - 000003576 _____ C:\Windows\system32\Tasks\mjlooy.exe
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1789183414-2172948479-87873014-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (Brak pliku)
HKU\S-1-5-21-1789183414-2172948479-87873014-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Edge: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1789183414-2172948479-87873014-1001\SOFTWARE\Policies\Microsoft\Edge: Ograniczenia <==== UWAGA
Task: {1581E732-9CEC-481E-B1D1-5E7741B4A06F} - System32\Tasks\mjlooy.exe => C:\Users\pc\AppData\Local\Temp\b4af406cd1\mjlooy.exe (Brak pliku) <==== UWAGA
Task: {4826F8B5-5CA8-46C4-8F6D-187590636B2E} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1789183414-2172948479-87873014-500 => C:\Users\pc\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Brak pliku)
Task: {946613F9-2B0B-41FD-B7AD-0BDE0631D4E0} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1789183414-2172948479-87873014-1001 => C:\Users\pc\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (Brak pliku)
Tcpip\..\Interfaces\{89add567-6bc5-4343-98a3-edd858f3517d}: [DhcpNameServer] 192.168.1.1
FF Notifications: Mozilla\Firefox\Profiles\yzot4jua.default-release -> hxxps://mail-notification.info; hxxps://zarabotok-online.xyz; hxxps://supertopfreegames.com; hxxps://best-loan-info.com; hxxps://ccleaner-download.xyz; hxxps://pinghauz.xyz; hxxps://s-tracking.xyz; hxxps://mnthor.xyz
S3 Disc Soft Lite Bus Service; "C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe" [X]
2022-01-17 19:48 - 2022-01-17 20:45 - 000000266 __RSH C:\ProgramData\ntuser.pol
2022-01-17 19:37 - 2022-01-17 20:43 - 000000000 ____D C:\Users\pc\AppData\Roaming\ca82a716069a53
2022-01-17 19:35 - 2022-01-17 20:43 - 000000000 ____D C:\Users\pc\AppData\Roaming\Green
2022-01-17 19:35 - 2022-01-17 19:35 - 000003576 _____ C:\Windows\system32\Tasks\mjlooy.exe
2022-01-17 19:34 - 2022-01-17 20:43 - 000000000 ____D C:\Users\pc\AppData\LocalLow\fB9oV
2022-01-17 19:34 - 2022-01-17 19:36 - 000000000 ____D C:\ProgramData\3AXVQBL3NYEOKCB7WSKHUWU0H
2022-01-17 19:34 - 2022-01-17 19:34 - 002818640 _____ C:\Users\pc\AppData\Roaming\6753253.exe
2022-01-17 19:34 - 2022-01-17 19:34 - 002818640 _____ C:\Users\pc\AppData\Roaming\5939593.exe
2022-01-17 19:34 - 2022-01-17 19:34 - 000419015 _____ C:\Users\pc\AppData\LocalLow\gqTw5q7XGxD.zip
2022-01-17 19:34 - 2022-01-17 19:34 - 000000000 ____D C:\Users\pc\AppData\LocalLow\discord_files
2022-01-17 19:34 - 2022-01-17 19:34 - 000000000 ____D C:\Users\pc\AppData\Local\Yandex
2022-01-17 19:34 - 2022-01-17 19:34 - 000000000 ____D C:\ProgramData\P14J04FARBOIIE2UXEHED2K41
2022-01-17 19:34 - 2022-01-17 19:34 - 002818640 _____ () C:\Users\pc\AppData\Roaming\5939593.exe
2022-01-17 19:34 - 2022-01-17 19:34 - 002818640 _____ () C:\Users\pc\AppData\Roaming\6753253.exe
CustomCLSID: HKU\S-1-5-21-1789183414-2172948479-87873014-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\pc\AppData\Local\Microsoft\OneDrive\21.245.1128.0002\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1789183414-2172948479-87873014-1001_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32 -> C:\Users\pc\AppData\Local\Microsoft\OneDrive\21.245.1128.0002\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1789183414-2172948479-87873014-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\pc\AppData\Local\Microsoft\OneDrive\21.245.1128.0002\Microsoft.SharePoint.exe" => Brak pliku
CustomCLSID: HKU\S-1-5-21-1789183414-2172948479-87873014-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\pc\AppData\Local\Microsoft\OneDrive\21.245.1128.0002\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1789183414-2172948479-87873014-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\pc\AppData\Local\Microsoft\OneDrive\21.245.1128.0002\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1789183414-2172948479-87873014-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\pc\AppData\Local\Microsoft\OneDrive\21.245.1128.0002\Microsoft.SharePoint.exe" => Brak pliku
IE trusted site: HKU\S-1-5-21-1789183414-2172948479-87873014-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1789183414-2172948479-87873014-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [TCP Query User{76DDBA30-A009-4DCD-A191-4CFB0E9705D5}C:\users\pc\appdata\local\programs\opera gx\78.0.4093.153\opera.exe] => (Allow) C:\users\pc\appdata\local\programs\opera gx\78.0.4093.153\opera.exe => Brak pliku
FirewallRules: [UDP Query User{45371DD2-9914-4EA7-9688-30BA077CA126}C:\users\pc\appdata\local\programs\opera gx\78.0.4093.153\opera.exe] => (Allow) C:\users\pc\appdata\local\programs\opera gx\78.0.4093.153\opera.exe => Brak pliku
FirewallRules: [TCP Query User{B58B1759-F76B-4994-AEF7-3E0E3598BEEC}F:\gry\jowood\gothic ii\_work\tools\zspy\zspy.exe] => (Allow) F:\gry\jowood\gothic ii\_work\tools\zspy\zspy.exe => Brak pliku
FirewallRules: [UDP Query User{5AD612E7-3EC6-4C2A-9D99-247BC513D701}F:\gry\jowood\gothic ii\_work\tools\zspy\zspy.exe] => (Allow) F:\gry\jowood\gothic ii\_work\tools\zspy\zspy.exe => Brak pliku
FirewallRules: [TCP Query User{ABA14CBE-6FE5-45B2-B57B-A1AF1B4D5C3C}C:\users\pc\appdata\local\programs\opera gx\78.0.4093.186\opera.exe] => (Allow) C:\users\pc\appdata\local\programs\opera gx\78.0.4093.186\opera.exe => Brak pliku
FirewallRules: [UDP Query User{8A3B13C2-1BA5-4F24-982D-ADC69C4124F1}C:\users\pc\appdata\local\programs\opera gx\78.0.4093.186\opera.exe] => (Allow) C:\users\pc\appdata\local\programs\opera gx\78.0.4093.186\opera.exe => Brak pliku
FirewallRules: [TCP Query User{854AAF2B-3565-4232-A2F7-C447E7F7438D}C:\users\pc\appdata\local\programs\opera gx\78.0.4093.214\opera.exe] => (Block) C:\users\pc\appdata\local\programs\opera gx\78.0.4093.214\opera.exe => Brak pliku
FirewallRules: [UDP Query User{D165A9B4-DCB5-4C12-815F-DAD880E9E134}C:\users\pc\appdata\local\programs\opera gx\78.0.4093.214\opera.exe] => (Block) C:\users\pc\appdata\local\programs\opera gx\78.0.4093.214\opera.exe => Brak pliku
FirewallRules: [{D2BD1E6F-B314-4245-BB49-B8A19C6EDF96}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe => Brak pliku
FirewallRules: [{E6AF91B9-F6F1-47DA-A41E-73BCBDAE3785}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe => Brak pliku
FirewallRules: [{48195D6F-B028-4B04-818E-38D5970DF772}] => (Allow) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => Brak pliku
FirewallRules: [{438DABC5-A30D-4776-B3BB-638AD50DD695}] => (Allow) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => Brak pliku
FirewallRules: [{EB524667-3898-4EA7-91BA-5DC22AF8445B}] => (Block) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => Brak pliku
FirewallRules: [{1F2FACE5-0B03-4B32-8625-D7CA583781A9}] => (Block) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => Brak pliku
RemoveProxy:
Hosts:
*****************

Punkt przywracania został pomyślnie utworzony.
Procesy zostały pomyślnie zamknięte.

========================= File: 2022-01-17 19:35 - 2022-01-17 19:35 - 000003576 _____ C:\Windows\system32\Tasks\mjlooy.exe ========================

"2022-01-17 19:35 - 2022-01-17 19:35 - 000003576 _____ C:\Windows\system32\Tasks\mjlooy.exe" => nie znaleziono
====== Koniec File: ======

"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAMeetNow" => pomyślnie usunięto
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => niepowodzenie przy usuwaniu, klucz może być zabezpieczony
"HKU\S-1-5-21-1789183414-2172948479-87873014-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => pomyślnie usunięto
"HKU\S-1-5-21-1789183414-2172948479-87873014-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAMeetNow" => pomyślnie usunięto
C:\ProgramData\NTUSER.pol => pomyślnie przeniesiono
HKLM\SOFTWARE\Policies\Mozilla => pomyślnie usunięto
HKLM\SOFTWARE\Policies\Microsoft\Edge => pomyślnie usunięto
HKU\S-1-5-21-1789183414-2172948479-87873014-1001\SOFTWARE\Policies\Microsoft\Edge => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1581E732-9CEC-481E-B1D1-5E7741B4A06F}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1581E732-9CEC-481E-B1D1-5E7741B4A06F}" => pomyślnie usunięto
C:\Windows\System32\Tasks\mjlooy.exe => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mjlooy.exe" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4826F8B5-5CA8-46C4-8F6D-187590636B2E}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4826F8B5-5CA8-46C4-8F6D-187590636B2E}" => pomyślnie usunięto
C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1789183414-2172948479-87873014-500 => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-1789183414-2172948479-87873014-500" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{946613F9-2B0B-41FD-B7AD-0BDE0631D4E0}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{946613F9-2B0B-41FD-B7AD-0BDE0631D4E0}" => pomyślnie usunięto
C:\Windows\System32\Tasks\OneDrive Reporting Task-S-1-5-21-1789183414-2172948479-87873014-1001 => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Reporting Task-S-1-5-21-1789183414-2172948479-87873014-1001" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{89add567-6bc5-4343-98a3-edd858f3517d}\\DhcpNameServer" => pomyślnie usunięto
"FF Notifications:" => pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\Disc Soft Lite Bus Service => pomyślnie usunięto
Disc Soft Lite Bus Service => serwis pomyślnie usunięto
"C:\ProgramData\ntuser.pol" => nie znaleziono
C:\Users\pc\AppData\Roaming\ca82a716069a53 => pomyślnie przeniesiono
C:\Users\pc\AppData\Roaming\Green => pomyślnie przeniesiono
"C:\Windows\system32\Tasks\mjlooy.exe" => nie znaleziono
C:\Users\pc\AppData\LocalLow\fB9oV => pomyślnie przeniesiono
C:\ProgramData\3AXVQBL3NYEOKCB7WSKHUWU0H => pomyślnie przeniesiono
C:\Users\pc\AppData\Roaming\6753253.exe => pomyślnie przeniesiono
C:\Users\pc\AppData\Roaming\5939593.exe => pomyślnie przeniesiono
C:\Users\pc\AppData\LocalLow\gqTw5q7XGxD.zip => pomyślnie przeniesiono
C:\Users\pc\AppData\LocalLow\discord_files => pomyślnie przeniesiono
C:\Users\pc\AppData\Local\Yandex => pomyślnie przeniesiono
C:\ProgramData\P14J04FARBOIIE2UXEHED2K41 => pomyślnie przeniesiono
"C:\Users\pc\AppData\Roaming\5939593.exe" => nie znaleziono
"C:\Users\pc\AppData\Roaming\6753253.exe" => nie znaleziono
HKU\S-1-5-21-1789183414-2172948479-87873014-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => pomyślnie usunięto
HKU\S-1-5-21-1789183414-2172948479-87873014-1001_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6} => pomyślnie usunięto
HKU\S-1-5-21-1789183414-2172948479-87873014-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1} => pomyślnie usunięto
HKU\S-1-5-21-1789183414-2172948479-87873014-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => pomyślnie usunięto
HKU\S-1-5-21-1789183414-2172948479-87873014-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => pomyślnie usunięto
HKU\S-1-5-21-1789183414-2172948479-87873014-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2} => pomyślnie usunięto
HKU\S-1-5-21-1789183414-2172948479-87873014-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost => pomyślnie usunięto
HKU\S-1-5-21-1789183414-2172948479-87873014-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{76DDBA30-A009-4DCD-A191-4CFB0E9705D5}C:\users\pc\appdata\local\programs\opera gx\78.0.4093.153\opera.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{45371DD2-9914-4EA7-9688-30BA077CA126}C:\users\pc\appdata\local\programs\opera gx\78.0.4093.153\opera.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B58B1759-F76B-4994-AEF7-3E0E3598BEEC}F:\gry\jowood\gothic ii\_work\tools\zspy\zspy.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5AD612E7-3EC6-4C2A-9D99-247BC513D701}F:\gry\jowood\gothic ii\_work\tools\zspy\zspy.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{ABA14CBE-6FE5-45B2-B57B-A1AF1B4D5C3C}C:\users\pc\appdata\local\programs\opera gx\78.0.4093.186\opera.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8A3B13C2-1BA5-4F24-982D-ADC69C4124F1}C:\users\pc\appdata\local\programs\opera gx\78.0.4093.186\opera.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{854AAF2B-3565-4232-A2F7-C447E7F7438D}C:\users\pc\appdata\local\programs\opera gx\78.0.4093.214\opera.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D165A9B4-DCB5-4C12-815F-DAD880E9E134}C:\users\pc\appdata\local\programs\opera gx\78.0.4093.214\opera.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D2BD1E6F-B314-4245-BB49-B8A19C6EDF96}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6AF91B9-F6F1-47DA-A41E-73BCBDAE3785}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{48195D6F-B028-4B04-818E-38D5970DF772}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{438DABC5-A30D-4776-B3BB-638AD50DD695}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB524667-3898-4EA7-91BA-5DC22AF8445B}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1F2FACE5-0B03-4B32-8625-D7CA583781A9}" => pomyślnie usunięto

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto
"HKU\S-1-5-21-1789183414-2172948479-87873014-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
"HKU\S-1-5-21-1789183414-2172948479-87873014-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto

========= Koniec RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono
Hosts pomyślnie przywrócono.

=========== EmptyTemp: ==========

BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 51868321 B
Java, Flash, Steam htmlcache => 747312004 B
Windows/system/drivers => 27576 B
Edge => 0 B
Firefox => 11182604 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 3248 B
pc => 4553640 B

RecycleBin => 0 B
EmptyTemp: => 777.9 MB danych tymczasowych Usunięto.

================================

Rezultat przenoszenia plików przy restarcie (Tryb startu: Normal) (Data i godzina: 19-01-2022 20:40:10)

Rezultat usuwania kluczy przy restarcie:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => pomyślnie usunięto

==== Koniec Fixlog 20:40:10 ====