Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 13-05-2020 01 Uruchomiony przez piotr (23-05-2020 21:21:36) Run:5 Uruchomiony z C:\Users\piotr\Desktop\Nowy folder Załadowane profile: piotr Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: EmptyTemp: HKU\S-1-5-21-2830509316-4061959040-275529259-1001\...\Run: [Rainlendar2] => D:\Program Files\Rainlendar2\Rainlendar2.exe HKU\S-1-5-21-2830509316-4061959040-275529259-1001\...\Run: [RAMKontroler] => C:\Program Files (x86)\XimSoft\RAM Kontroler\RamKontroler.exe HKU\S-1-5-21-2830509316-4061959040-275529259-1001\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe Tcpip\..\Interfaces\{8e43ee1d-19fb-4e7c-ae7a-60ccee768a53}: [DhcpNameServer] 192.168.8.1 BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll => Brak pliku BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll => Brak pliku Edge HKU\S-1-5-21-2830509316-4061959040-275529259-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx FF HKU\S-1-5-21-2830509316-4061959040-275529259-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\piotr\AppData\Roaming\IDM\idmmzcc5 => nie znaleziono FF HKU\S-1-5-21-2830509316-4061959040-275529259-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => nie znaleziono CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-10-28] (Zemana Ltd. -> Zemana Ltd.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ZAM.exe" /service => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ZAM.exe" /service => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zam64.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zamguard64.sys => ""="Driver" FirewallRules: [{944CC85C-0769-4F1D-8C1F-B7AA8E8969FD}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{7DEE16D5-8477-4823-BD4D-39200DD18B01}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{AF864C2D-F49B-41D1-87D2-71A05ED122A4}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{C349CAB8-6BA6-466E-8140-0A37BDB38205}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{E5D10CAD-201D-4A90-9BB1-0CB9913CE867}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{BB7E5391-5371-4256-AE25-DA5328993F87}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{35CC8EF4-A8C0-40E7-98FA-CE8A5C998954}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{FBC9566D-AA89-43A4-A3FC-F068355B97C5}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{F4645740-56F8-49E3-AF7E-9FD50CECA5C6}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{5C07111B-B4FE-4EC0-A6AA-76051E66A60C}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{C0D7D8D5-DB81-42E7-A388-9579800FC78E}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{8952C2AC-18F5-4A62-898D-CE7553BA22ED}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{9F1F8508-78DD-4303-AEC4-8E7F06FFFBEB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{E85E93FC-FA01-4F86-851C-23DE6201B450}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{B632E50F-50B6-4B94-98EF-E933ED83C8BF}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{C5491003-8F15-4C75-925F-6F8DA6E7C5B9}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) FirewallRules: [{AD93177B-A931-493A-916D-807CB8DB6735}] => (Allow) D:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.) reg: REG add "HKLM\SYSTEM\CurrentControlSet\services\MpsSvc" /v Start /t REG_DWORD /d 2 /f reg: REG add "HKLM\SYSTEM\CurrentControlSet\services\MpsSvc" /v DelayedAutostart /t REG_DWORD /d 1 /f cmd: net start MpsSvc ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. "HKU\S-1-5-21-2830509316-4061959040-275529259-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Rainlendar2" => pomyślnie usunięto "HKU\S-1-5-21-2830509316-4061959040-275529259-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RAMKontroler" => pomyślnie usunięto "HKU\S-1-5-21-2830509316-4061959040-275529259-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar" => pomyślnie usunięto C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => pomyślnie przeniesiono "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8e43ee1d-19fb-4e7c-ae7a-60ccee768a53}\\DhcpNameServer" => pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} => pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} => pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} => pomyślnie usunięto HKU\S-1-5-21-2830509316-4061959040-275529259-1001\SOFTWARE\Microsoft\Edge\Extensions\ngpampappnmepgilojfohadhhmbhlaek => pomyślnie usunięto "HKU\S-1-5-21-2830509316-4061959040-275529259-1001\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com" => pomyślnie usunięto "HKU\S-1-5-21-2830509316-4061959040-275529259-1001\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc2@internetdownloadmanager.com" => pomyślnie usunięto HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek => pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek => pomyślnie usunięto ZAM_Guard => Nie można zatrzymać usługi. HKLM\System\CurrentControlSet\Services\ZAM_Guard => pomyślnie usunięto ZAM_Guard => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ZAM.exe" /service => pomyślnie usunięto HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ZAM.exe" /service => pomyślnie usunięto HKLM\System\CurrentControlSet\Control\SafeBoot\Network\zam64.sys => pomyślnie usunięto HKLM\System\CurrentControlSet\Control\SafeBoot\Network\zamguard64.sys => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{944CC85C-0769-4F1D-8C1F-B7AA8E8969FD}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7DEE16D5-8477-4823-BD4D-39200DD18B01}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AF864C2D-F49B-41D1-87D2-71A05ED122A4}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C349CAB8-6BA6-466E-8140-0A37BDB38205}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E5D10CAD-201D-4A90-9BB1-0CB9913CE867}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BB7E5391-5371-4256-AE25-DA5328993F87}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35CC8EF4-A8C0-40E7-98FA-CE8A5C998954}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FBC9566D-AA89-43A4-A3FC-F068355B97C5}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F4645740-56F8-49E3-AF7E-9FD50CECA5C6}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5C07111B-B4FE-4EC0-A6AA-76051E66A60C}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0D7D8D5-DB81-42E7-A388-9579800FC78E}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8952C2AC-18F5-4A62-898D-CE7553BA22ED}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9F1F8508-78DD-4303-AEC4-8E7F06FFFBEB}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E85E93FC-FA01-4F86-851C-23DE6201B450}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B632E50F-50B6-4B94-98EF-E933ED83C8BF}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C5491003-8F15-4C75-925F-6F8DA6E7C5B9}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AD93177B-A931-493A-916D-807CB8DB6735}" => pomyślnie usunięto ========= REG add "HKLM\SYSTEM\CurrentControlSet\services\MpsSvc" /v Start /t REG_DWORD /d 2 /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= REG add "HKLM\SYSTEM\CurrentControlSet\services\MpsSvc" /v DelayedAutostart /t REG_DWORD /d 1 /f ========= Operacja ukoäczona pomy˜lnie. ========= Koniec Reg: ========= ========= net start MpsSvc ========= WystĄpiˆ bˆĄd systemu 1083. Program wykonywalny, w kt˘rym ta usˆuga (zgodnie z jej konfiguracjĄ) ma by† uruchomiona, nie implementuje usˆugi. ========= Koniec CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 10772480 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12896858 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 874542 B Edge => 0 B Chrome => 0 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 113804 B NetworkService => 131036 B piotr => 580490 B postgres => 580490 B RecycleBin => 292085 B EmptyTemp: => 25 MB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 21:21:54 ====