Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 06-06-2020 Uruchomiony przez oem (16-06-2020 07:30:41) Run:1 Uruchomiony z C:\Users\oem\Desktop Załadowane profile: oem Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: EmptyTemp: HKU\S-1-5-21-1631062182-3745506741-2849799659-1001\...\MountPoints2: {1f59cdf0-9038-11ea-a4e8-c81f660052a7} - "G:\HiSuiteDownLoader.exe" HKU\S-1-5-21-1631062182-3745506741-2849799659-1001\...\MountPoints2: {32566f32-9c30-11ea-a4f2-c81f660052a7} - "G:\LaunchU3.exe" -a HKU\S-1-5-21-1631062182-3745506741-2849799659-1001\...\MountPoints2: {70b23205-90fc-11ea-a4e9-c81f660052a7} - "G:\HiSuiteDownLoader.exe" HKU\S-1-5-21-1631062182-3745506741-2849799659-1001\...\MountPoints2: {e5e20628-d424-11e9-a4ce-c81f660052a7} - "G:\HiSuiteDownLoader.exe" HKU\S-1-5-21-1631062182-3745506741-2849799659-1001\...\MountPoints2: {edcfe255-1eb6-11ea-a4de-c81f660052a7} - "G:\HiSuiteDownLoader.exe" Tcpip\..\Interfaces\{31358c7a-e77d-4b6a-b981-03c482ea85db}: [DhcpNameServer] 91.239.113.3 46.45.78.2 HKU\S-1-5-21-1631062182-3745506741-2849799659-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=190 S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X] S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X] CustomCLSID: HKU\S-1-5-21-1631062182-3745506741-2849799659-1001_Classes\CLSID\{75f92b33-bbaa-b4b4-04ac-a7c07959e5a66}\InprocServer32 -> 0x374CA8FD3C2BD601974DE6C59C2DD601040000000C00000000000000 => Brak pliku CustomCLSID: HKU\S-1-5-21-1631062182-3745506741-2849799659-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0x1017D9EF0E2AD601A0DBA5FD3C2BD601030000001700000000000000 => Brak pliku ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Brak pliku ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku AlternateDataStreams: C:\ProgramData\TEMP:4673E9EA [104] AlternateDataStreams: C:\Users\oem\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130] FirewallRules: [{D344C63B-B3CF-4B24-83AA-429A7F20D9AB}] => (Allow) LPort=5357 FirewallRules: [TCP Query User{FCD4CCE5-7EE8-4023-99DC-7DCC24D24BB5}C:\users\oem\appdata\local\programs\opera\65.0.3467.48\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera\65.0.3467.48\opera.exe => Brak pliku FirewallRules: [UDP Query User{9B045922-30EC-4C1D-BB9B-8292097D0504}C:\users\oem\appdata\local\programs\opera\65.0.3467.48\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera\65.0.3467.48\opera.exe => Brak pliku FirewallRules: [TCP Query User{02E1264D-2981-4B44-9F0D-9F5967DE1CCB}C:\users\oem\appdata\local\programs\opera\65.0.3467.62\opera.exe] => (Allow) C:\users\oem\appdata\local\programs\opera\65.0.3467.62\opera.exe => Brak pliku FirewallRules: [UDP Query User{C4638C0B-1D65-4C15-BBD1-1EDF86D8BAD1}C:\users\oem\appdata\local\programs\opera\65.0.3467.62\opera.exe] => (Allow) C:\users\oem\appdata\local\programs\opera\65.0.3467.62\opera.exe => Brak pliku FirewallRules: [TCP Query User{E35142C6-AED5-4905-AF17-2FC8B30CC41F}C:\users\oem\appdata\local\programs\opera\65.0.3467.72\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera\65.0.3467.72\opera.exe => Brak pliku FirewallRules: [UDP Query User{CF558019-4EAE-46E9-8343-293CCCE7E8A7}C:\users\oem\appdata\local\programs\opera\65.0.3467.72\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera\65.0.3467.72\opera.exe => Brak pliku FirewallRules: [TCP Query User{44C19C5A-B3C3-4F7D-92EB-9ECB96DB286C}C:\users\oem\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera\65.0.3467.78\opera.exe => Brak pliku FirewallRules: [UDP Query User{73B4348B-7C23-444F-861E-84E6ED540DC8}C:\users\oem\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera\65.0.3467.78\opera.exe => Brak pliku FirewallRules: [TCP Query User{0AB69AF6-4B44-4B1A-B951-F051CEA9FC9E}C:\users\oem\appdata\local\programs\opera gx\66.0.3515.75\opera.exe] => (Allow) C:\users\oem\appdata\local\programs\opera gx\66.0.3515.75\opera.exe => Brak pliku FirewallRules: [UDP Query User{5F0216CD-42CB-4D86-AD73-F378515E9257}C:\users\oem\appdata\local\programs\opera gx\66.0.3515.75\opera.exe] => (Allow) C:\users\oem\appdata\local\programs\opera gx\66.0.3515.75\opera.exe => Brak pliku FirewallRules: [TCP Query User{DCE6C8FF-48DB-408E-917F-249CE42896A5}C:\users\oem\appdata\local\programs\opera gx\66.0.3515.111\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera gx\66.0.3515.111\opera.exe => Brak pliku FirewallRules: [UDP Query User{40F44709-B809-48A4-A4E0-5A191DEBCC88}C:\users\oem\appdata\local\programs\opera gx\66.0.3515.111\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera gx\66.0.3515.111\opera.exe => Brak pliku FirewallRules: [TCP Query User{6242E5B9-67F9-47B4-9663-535259009E19}C:\users\oem\appdata\local\programs\opera\66.0.3515.115\opera.exe] => (Allow) C:\users\oem\appdata\local\programs\opera\66.0.3515.115\opera.exe => Brak pliku FirewallRules: [UDP Query User{5FBB8AC6-1EA9-4EE1-8C78-52F4EC6848D2}C:\users\oem\appdata\local\programs\opera\66.0.3515.115\opera.exe] => (Allow) C:\users\oem\appdata\local\programs\opera\66.0.3515.115\opera.exe => Brak pliku FirewallRules: [TCP Query User{44C99AD2-459E-43CB-9DD3-1560689489A8}C:\users\oem\appdata\local\programs\opera\67.0.3575.53\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera\67.0.3575.53\opera.exe => Brak pliku FirewallRules: [UDP Query User{0974227E-1163-4DBF-AD4A-19BEB9EC1DAE}C:\users\oem\appdata\local\programs\opera\67.0.3575.53\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera\67.0.3575.53\opera.exe => Brak pliku FirewallRules: [TCP Query User{6775E33B-10BE-4E70-A18A-A9749BB976F9}C:\users\oem\appdata\local\programs\opera gx\67.0.3575.78\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera gx\67.0.3575.78\opera.exe => Brak pliku FirewallRules: [UDP Query User{66CD66F9-22BD-4A81-A5E6-AA0F54018991}C:\users\oem\appdata\local\programs\opera gx\67.0.3575.78\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera gx\67.0.3575.78\opera.exe => Brak pliku FirewallRules: [TCP Query User{4B8807D5-88B6-4F7C-AD55-B2D9741BC105}C:\users\oem\appdata\local\programs\opera\67.0.3575.79\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera\67.0.3575.79\opera.exe => Brak pliku FirewallRules: [UDP Query User{7AC701AB-2A21-4176-A3B6-2C9E41952573}C:\users\oem\appdata\local\programs\opera\67.0.3575.79\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera\67.0.3575.79\opera.exe => Brak pliku FirewallRules: [TCP Query User{4A4CEA13-8C03-4FC8-BF0E-C879D87690D1}C:\users\oem\appdata\local\programs\opera gx\67.0.3575.87\opera.exe] => (Allow) C:\users\oem\appdata\local\programs\opera gx\67.0.3575.87\opera.exe => Brak pliku FirewallRules: [UDP Query User{D7D97156-D47B-4DCD-9319-FE4618059F50}C:\users\oem\appdata\local\programs\opera gx\67.0.3575.87\opera.exe] => (Allow) C:\users\oem\appdata\local\programs\opera gx\67.0.3575.87\opera.exe => Brak pliku FirewallRules: [TCP Query User{7BC9C6FE-9960-423D-807B-232EAFEE072B}C:\users\oem\appdata\local\programs\opera\67.0.3575.97\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera\67.0.3575.97\opera.exe => Brak pliku FirewallRules: [UDP Query User{36483176-9B58-4F6E-B5D2-95A255047D91}C:\users\oem\appdata\local\programs\opera\67.0.3575.97\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera\67.0.3575.97\opera.exe => Brak pliku FirewallRules: [TCP Query User{49B48EF7-D7A4-4319-8DBA-B34F0D49C6DC}C:\users\oem\appdata\local\programs\opera gx\67.0.3575.105\opera.exe] => (Allow) C:\users\oem\appdata\local\programs\opera gx\67.0.3575.105\opera.exe => Brak pliku FirewallRules: [UDP Query User{CF73BE56-A867-438A-B9B8-31760AAD34E0}C:\users\oem\appdata\local\programs\opera gx\67.0.3575.105\opera.exe] => (Allow) C:\users\oem\appdata\local\programs\opera gx\67.0.3575.105\opera.exe => Brak pliku FirewallRules: [TCP Query User{931D2DC9-3D63-477F-8A0F-FD5E5E41E97F}C:\users\oem\appdata\local\programs\opera\67.0.3575.115\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera\67.0.3575.115\opera.exe => Brak pliku FirewallRules: [UDP Query User{E23C1F46-B5F1-4126-B006-3D54C59B62AB}C:\users\oem\appdata\local\programs\opera\67.0.3575.115\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera\67.0.3575.115\opera.exe => Brak pliku FirewallRules: [TCP Query User{EAEC0582-F32E-46CF-B5F3-42B3EC38A573}C:\users\oem\appdata\local\programs\opera gx\67.0.3575.130\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera gx\67.0.3575.130\opera.exe => Brak pliku FirewallRules: [UDP Query User{473F3C59-5AA1-45F4-8348-421E5D59F202}C:\users\oem\appdata\local\programs\opera gx\67.0.3575.130\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera gx\67.0.3575.130\opera.exe => Brak pliku FirewallRules: [TCP Query User{BE27BD6A-F41E-4BB9-9466-074DD70FF01B}C:\users\oem\appdata\local\programs\opera gx\68.0.3618.112\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera gx\68.0.3618.112\opera.exe => Brak pliku FirewallRules: [UDP Query User{EB3F2FC5-22BD-4ECB-B820-30075F172AEA}C:\users\oem\appdata\local\programs\opera gx\68.0.3618.112\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera gx\68.0.3618.112\opera.exe => Brak pliku FirewallRules: [TCP Query User{78E86583-2DE7-456C-AEFB-3BCBDE82E5EE}C:\users\oem\appdata\local\programs\opera gx\68.0.3618.118\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera gx\68.0.3618.118\opera.exe => Brak pliku FirewallRules: [UDP Query User{F8EA0D98-8101-4FBB-98E1-A70D134C3B94}C:\users\oem\appdata\local\programs\opera gx\68.0.3618.118\opera.exe] => (Block) C:\users\oem\appdata\local\programs\opera gx\68.0.3618.118\opera.exe => Brak pliku RemoveProxy: CMD: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. HKU\S-1-5-21-1631062182-3745506741-2849799659-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f59cdf0-9038-11ea-a4e8-c81f660052a7} => pomyślnie usunięto HKU\S-1-5-21-1631062182-3745506741-2849799659-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32566f32-9c30-11ea-a4f2-c81f660052a7} => pomyślnie usunięto HKU\S-1-5-21-1631062182-3745506741-2849799659-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70b23205-90fc-11ea-a4e9-c81f660052a7} => pomyślnie usunięto HKU\S-1-5-21-1631062182-3745506741-2849799659-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5e20628-d424-11e9-a4ce-c81f660052a7} => pomyślnie usunięto HKU\S-1-5-21-1631062182-3745506741-2849799659-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edcfe255-1eb6-11ea-a4de-c81f660052a7} => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{31358c7a-e77d-4b6a-b981-03c482ea85db}\\DhcpNameServer" => pomyślnie usunięto HKU\S-1-5-21-1631062182-3745506741-2849799659-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono HKLM\System\CurrentControlSet\Services\intaud_WaveExtensible => pomyślnie usunięto intaud_WaveExtensible => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\iwdbus => pomyślnie usunięto iwdbus => serwis pomyślnie usunięto HKU\S-1-5-21-1631062182-3745506741-2849799659-1001_Classes\CLSID\{75f92b33-bbaa-b4b4-04ac-a7c07959e5a66} => pomyślnie usunięto HKU\S-1-5-21-1631062182-3745506741-2849799659-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817} => pomyślnie usunięto HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => pomyślnie usunięto HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => pomyślnie usunięto "HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => pomyślnie usunięto HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => pomyślnie usunięto HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => pomyślnie usunięto HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => pomyślnie usunięto C:\ProgramData\TEMP => ":4673E9EA" ADS pomyślnie usunięto C:\Users\oem\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS niepowodzenie przy usuwaniu. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D344C63B-B3CF-4B24-83AA-429A7F20D9AB}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FCD4CCE5-7EE8-4023-99DC-7DCC24D24BB5}C:\users\oem\appdata\local\programs\opera\65.0.3467.48\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9B045922-30EC-4C1D-BB9B-8292097D0504}C:\users\oem\appdata\local\programs\opera\65.0.3467.48\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{02E1264D-2981-4B44-9F0D-9F5967DE1CCB}C:\users\oem\appdata\local\programs\opera\65.0.3467.62\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C4638C0B-1D65-4C15-BBD1-1EDF86D8BAD1}C:\users\oem\appdata\local\programs\opera\65.0.3467.62\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E35142C6-AED5-4905-AF17-2FC8B30CC41F}C:\users\oem\appdata\local\programs\opera\65.0.3467.72\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CF558019-4EAE-46E9-8343-293CCCE7E8A7}C:\users\oem\appdata\local\programs\opera\65.0.3467.72\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{44C19C5A-B3C3-4F7D-92EB-9ECB96DB286C}C:\users\oem\appdata\local\programs\opera\65.0.3467.78\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{73B4348B-7C23-444F-861E-84E6ED540DC8}C:\users\oem\appdata\local\programs\opera\65.0.3467.78\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0AB69AF6-4B44-4B1A-B951-F051CEA9FC9E}C:\users\oem\appdata\local\programs\opera gx\66.0.3515.75\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5F0216CD-42CB-4D86-AD73-F378515E9257}C:\users\oem\appdata\local\programs\opera gx\66.0.3515.75\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DCE6C8FF-48DB-408E-917F-249CE42896A5}C:\users\oem\appdata\local\programs\opera gx\66.0.3515.111\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{40F44709-B809-48A4-A4E0-5A191DEBCC88}C:\users\oem\appdata\local\programs\opera gx\66.0.3515.111\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6242E5B9-67F9-47B4-9663-535259009E19}C:\users\oem\appdata\local\programs\opera\66.0.3515.115\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5FBB8AC6-1EA9-4EE1-8C78-52F4EC6848D2}C:\users\oem\appdata\local\programs\opera\66.0.3515.115\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{44C99AD2-459E-43CB-9DD3-1560689489A8}C:\users\oem\appdata\local\programs\opera\67.0.3575.53\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0974227E-1163-4DBF-AD4A-19BEB9EC1DAE}C:\users\oem\appdata\local\programs\opera\67.0.3575.53\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6775E33B-10BE-4E70-A18A-A9749BB976F9}C:\users\oem\appdata\local\programs\opera gx\67.0.3575.78\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{66CD66F9-22BD-4A81-A5E6-AA0F54018991}C:\users\oem\appdata\local\programs\opera gx\67.0.3575.78\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4B8807D5-88B6-4F7C-AD55-B2D9741BC105}C:\users\oem\appdata\local\programs\opera\67.0.3575.79\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7AC701AB-2A21-4176-A3B6-2C9E41952573}C:\users\oem\appdata\local\programs\opera\67.0.3575.79\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4A4CEA13-8C03-4FC8-BF0E-C879D87690D1}C:\users\oem\appdata\local\programs\opera gx\67.0.3575.87\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D7D97156-D47B-4DCD-9319-FE4618059F50}C:\users\oem\appdata\local\programs\opera gx\67.0.3575.87\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7BC9C6FE-9960-423D-807B-232EAFEE072B}C:\users\oem\appdata\local\programs\opera\67.0.3575.97\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{36483176-9B58-4F6E-B5D2-95A255047D91}C:\users\oem\appdata\local\programs\opera\67.0.3575.97\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{49B48EF7-D7A4-4319-8DBA-B34F0D49C6DC}C:\users\oem\appdata\local\programs\opera gx\67.0.3575.105\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CF73BE56-A867-438A-B9B8-31760AAD34E0}C:\users\oem\appdata\local\programs\opera gx\67.0.3575.105\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{931D2DC9-3D63-477F-8A0F-FD5E5E41E97F}C:\users\oem\appdata\local\programs\opera\67.0.3575.115\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E23C1F46-B5F1-4126-B006-3D54C59B62AB}C:\users\oem\appdata\local\programs\opera\67.0.3575.115\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EAEC0582-F32E-46CF-B5F3-42B3EC38A573}C:\users\oem\appdata\local\programs\opera gx\67.0.3575.130\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{473F3C59-5AA1-45F4-8348-421E5D59F202}C:\users\oem\appdata\local\programs\opera gx\67.0.3575.130\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BE27BD6A-F41E-4BB9-9466-074DD70FF01B}C:\users\oem\appdata\local\programs\opera gx\68.0.3618.112\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EB3F2FC5-22BD-4ECB-B820-30075F172AEA}C:\users\oem\appdata\local\programs\opera gx\68.0.3618.112\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{78E86583-2DE7-456C-AEFB-3BCBDE82E5EE}C:\users\oem\appdata\local\programs\opera gx\68.0.3618.118\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F8EA0D98-8101-4FBB-98E1-A70D134C3B94}C:\users\oem\appdata\local\programs\opera gx\68.0.3618.118\opera.exe" => pomyślnie usunięto ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto "HKU\S-1-5-21-1631062182-3745506741-2849799659-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto "HKU\S-1-5-21-1631062182-3745506741-2849799659-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto ========= Koniec RemoveProxy: ========= ========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\accicons.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroExt.exe DisableExceptionChainValidation REG_DWORD 0x0 MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe DisableExceptionChainValidation REG_DWORD 0x0 MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe DisableExceptionChainValidation REG_DWORD 0x0 MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cnfnot32.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dw20.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwtrig20.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ExtExport.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_32_0_0_387_pepper.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_32_0_0_387_pepper.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ie4uinit.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieinstal.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ielowutil.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieUnatt.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe DisableExceptionChainValidation REG_DWORD 0x0 DisableUserModeCallbackFilter REG_DWORD 0x1 MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\InetMgr.exe MitigationOptions REG_QWORD 0x1000000000000000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe CFGOptions REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvw.exe MitigationOptions REG_QWORD 0x100000000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfeedssync.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshta.exe MitigationOptions REG_QWORD 0x100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe CFGOptions REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstordb.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstore.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ngen.exe MitigationOptions REG_QWORD 0x100000000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ngentask.exe MitigationOptions REG_QWORD 0x100000000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ois.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onelev.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ose.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outlook.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PresentationHost.exe MitigationOptions REG_QWORD 0x111111 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PrintDialog.exe MitigationOptions REG_QWORD 0x100000000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PrintIsolationHost.exe MitigationOptions REG_QWORD 0x200000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runtimebroker.exe MitigationOptions REG_QWORD 0x100000000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanost.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpst.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\splwow64.exe MitigationOptions REG_QWORD 0x200000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe MitigationOptions REG_QWORD 0x200000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe MinimumStackCommitInBytes REG_DWORD 0x8000 MitigationAuditOptions REG_QWORD 0x101000000000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SystemSettings.exe MitigationOptions REG_QWORD 0x100000000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpreview.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winword.exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv .exe DisableExceptionChainValidation REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wxp.exe DisableExceptionChainValidation REG_DWORD 0x0 ========= Koniec CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 10772480 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 356286792 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 4898530 B Edge => 847591 B Chrome => 459456763 B Firefox => 0 B Opera => 560581598 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 58268 B NetworkService => 6111564 B oem => 37958163 B DefaultAppPool => 37958163 B RecycleBin => 701658636 B EmptyTemp: => 2 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 07:34:08 ====