Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 19-06-2022
Uruchomiony przez sebastian (20-06-2022 18:00:03) Run:1
Uruchomiony z C:\Users\sebastian\Desktop
Załadowane profile: sebastian
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CreateRestorePoint:
CloseProcesses:
(explorer.exe ->) (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu] C:\Users\sebastian\AppData\Roaming\.dllbackups\dllruntime.exe <2>
(C:\Users\sebastian\AppData\Local\Temp\24qrrXHyyao7PIDSMXbgocvqIlv\services.exe ->) () [Brak podpisu cyfrowego] C:\Users\sebastian\AppData\Roaming\.dllbackups\data\modules\dll-host\downloads\phoenix\Antimalware Service Executable.exe
(C:\Users\sebastian\AppData\Local\Temp\24qrrXHyyao7PIDSMXbgocvqIlv\services.exe ->) (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu] C:\Users\sebastian\AppData\Roaming\.dllbackups\data\modules\dll-propagation\dll-propagation_2.9.8.exe
(C:\Users\sebastian\AppData\Local\Temp\24qrrXHyyao7PIDSMXbgocvqIlv\services.exe ->) (www.xmrig.com) [Brak podpisu cyfrowego] C:\Users\sebastian\AppData\Roaming\.dllbackups\data\modules\dll-host\downloads\xmrig\MS Defender.exe
(C:\Users\sebastian\AppData\Roaming\.dllbackups\data\modules\dll-propagation\dll-propagation_2.9.8.exe ->) (Microsoft Corporation) [Brak podpisu cyfrowego] C:\Users\sebastian\AppData\Local\Temp\1xq0MkKMTM0YtEl1JnXJ2x0ArfP\dll-propagation.exe <3>
(C:\Users\sebastian\AppData\Roaming\.dllbackups\dllruntime.exe ->) (Microsoft Corporation) [Brak podpisu cyfrowego] C:\Users\sebastian\AppData\Local\Temp\24qrrXHyyao7PIDSMXbgocvqIlv\services.exe <7>
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3182251074-1433944820-3341931099-1001\...\Run: [AnyTransToolHelper] => C:\Program Files\AnyTrans for iOS\AnyTransToolHelper.exe (Brak pliku)
HKU\S-1-5-21-3182251074-1433944820-3341931099-1001\...\Run: [SoundID Listen.exe] => C:\Program Files\SoundID Listen\Current Version\SoundID Listen.exe --launched-on-startup (Brak pliku)
HKU\S-1-5-21-3182251074-1433944820-3341931099-1001\...\Run: [electron.app.dllservices] => C:\Users\sebastian\AppData\Roaming\.dllbackups\dllruntime.exe [63159807 2022-06-17] (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu]
HKU\S-1-5-21-3182251074-1433944820-3341931099-1001\...\Run: [electron.app.services] => C:\Users\sebastian\AppData\Roaming\.dllbackups\dllruntime.exe [63159807 2022-06-17] (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu]
Task: {27909E7B-7F00-4886-8F80-616F184A45F2} - System32\Tasks\HWiNFO => C:\Users\sebastian\Desktop\hwi_704\HWiNFO64.exe (Brak pliku)
Task: {2ABCD965-271D-4928-85AA-6C0AB1EE7BD7} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {372D11FD-DA0C-4FDC-9C27-1465E9F2AA8A} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {3EC4A9DE-514D-48FE-8FD0-117DB415E580} - System32\Tasks\Core Temp Autostart sebastian => C:\Program Files\Core Temp\Core Temp.exe (Brak pliku)
Task: {4826F8B5-5CA8-46C4-8F6D-187590636B2E} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3182251074-1433944820-3341931099-500 => C:\Users\sebastian\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Brak pliku)
Tcpip\Parameters: [DhcpNameServer] 91.218.211.210 91.218.203.34
Tcpip\..\Interfaces\{dcb5644f-d5d6-4732-9182-123a06119733}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{dcb5644f-d5d6-4732-9182-123a06119733}: [DhcpNameServer] 91.218.211.210 91.218.203.34
2022-06-19 19:21 - 2022-06-19 19:21 - 000000000 ____D C:\Users\sebastian\AppData\Roaming\Ookla
2022-06-17 11:38 - 2022-06-20 16:28 - 000000000 ____D C:\Users\sebastian\AppData\Roaming\dll-propagation
2022-06-17 07:37 - 2022-06-17 09:56 - 000000000 ___HD C:\Users\sebastian\AppData\Roaming\.dllbackups
2022-06-17 07:37 - 2022-06-17 07:37 - 000000000 ____D C:\Users\sebastian\AppData\Roaming\dllservices
CustomCLSID: HKU\S-1-5-21-3182251074-1433944820-3341931099-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe" -ToastActivated => Brak pliku
AlternateDataStreams: C:\steam_api64.dll:{3629C49D-42C6-4CD8-B2A9-606E13C1E6EA} [28016642]
AlternateDataStreams: C:\steam_api64.dll:{BCA835E9-27DD-49D4-9E47-4CD16F9DC264} [28]
AlternateDataStreams: C:\Users\sebastian\Dane aplikacji:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\sebastian\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
CMD: netsh advfirewall reset
CMD: ipconfig /flushdns
EmptyTemp:
*****************

Punkt przywracania został pomyślnie utworzony.
Procesy zostały pomyślnie zamknięte.
C:\Users\sebastian\AppData\Roaming\.dllbackups\dllruntime.exe => Nie odnaleziono uruchomionego procesu
C:\Users\sebastian\AppData\Roaming\.dllbackups\data\modules\dll-host\downloads\phoenix\Antimalware Service Executable.exe => Nie odnaleziono uruchomionego procesu
C:\Users\sebastian\AppData\Roaming\.dllbackups\data\modules\dll-propagation\dll-propagation_2.9.8.exe => Nie odnaleziono uruchomionego procesu
C:\Users\sebastian\AppData\Roaming\.dllbackups\data\modules\dll-host\downloads\xmrig\MS Defender.exe => Nie odnaleziono uruchomionego procesu
C:\Users\sebastian\AppData\Local\Temp\1xq0MkKMTM0YtEl1JnXJ2x0ArfP\dll-propagation.exe => Nie odnaleziono uruchomionego procesu
C:\Users\sebastian\AppData\Local\Temp\24qrrXHyyao7PIDSMXbgocvqIlv\services.exe => Nie odnaleziono uruchomionego procesu
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => Wartość pomyślnie przywrócono
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => Wartość pomyślnie przywrócono
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => pomyślnie usunięto
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => pomyślnie usunięto
"HKU\S-1-5-21-3182251074-1433944820-3341931099-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AnyTransToolHelper" => pomyślnie usunięto
"HKU\S-1-5-21-3182251074-1433944820-3341931099-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SoundID Listen.exe" => pomyślnie usunięto
"HKU\S-1-5-21-3182251074-1433944820-3341931099-1001\Software\Microsoft\Windows\CurrentVersion\Run\\electron.app.dllservices" => pomyślnie usunięto
"HKU\S-1-5-21-3182251074-1433944820-3341931099-1001\Software\Microsoft\Windows\CurrentVersion\Run\\electron.app.services" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{27909E7B-7F00-4886-8F80-616F184A45F2}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27909E7B-7F00-4886-8F80-616F184A45F2}" => pomyślnie usunięto
C:\Windows\System32\Tasks\HWiNFO => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HWiNFO" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2ABCD965-271D-4928-85AA-6C0AB1EE7BD7}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ABCD965-271D-4928-85AA-6C0AB1EE7BD7}" => pomyślnie usunięto
C:\Windows\System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Background Update 308046B0AF4A39CB" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{372D11FD-DA0C-4FDC-9C27-1465E9F2AA8A}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{372D11FD-DA0C-4FDC-9C27-1465E9F2AA8A}" => pomyślnie usunięto
C:\Windows\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3EC4A9DE-514D-48FE-8FD0-117DB415E580}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EC4A9DE-514D-48FE-8FD0-117DB415E580}" => pomyślnie usunięto
C:\Windows\System32\Tasks\Core Temp Autostart sebastian => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Core Temp Autostart sebastian" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4826F8B5-5CA8-46C4-8F6D-187590636B2E}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4826F8B5-5CA8-46C4-8F6D-187590636B2E}" => pomyślnie usunięto
C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3182251074-1433944820-3341931099-500 => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-3182251074-1433944820-3341931099-500" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{dcb5644f-d5d6-4732-9182-123a06119733}\\NameServer" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{dcb5644f-d5d6-4732-9182-123a06119733}\\DhcpNameServer" => pomyślnie usunięto
C:\Users\sebastian\AppData\Roaming\Ookla => pomyślnie przeniesiono
C:\Users\sebastian\AppData\Roaming\dll-propagation => pomyślnie przeniesiono
C:\Users\sebastian\AppData\Roaming\.dllbackups => pomyślnie przeniesiono
C:\Users\sebastian\AppData\Roaming\dllservices => pomyślnie przeniesiono
HKU\S-1-5-21-3182251074-1433944820-3341931099-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1} => pomyślnie usunięto
C:\steam_api64.dll => ":{3629C49D-42C6-4CD8-B2A9-606E13C1E6EA}" ADS pomyślnie usunięto
C:\steam_api64.dll => ":{BCA835E9-27DD-49D4-9E47-4CD16F9DC264}" ADS pomyślnie usunięto
C:\Users\sebastian\Dane aplikacji => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS pomyślnie usunięto
"C:\Users\sebastian\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS nie znaleziono.

========= netsh advfirewall reset =========

Ok.

========= Koniec CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

========= Koniec CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1072340616 B
Java, Discord, Steam htmlcache => 1372120780 B
Windows/system/drivers => 71090962 B
Edge => 0 B
Chrome => 457789795 B
Brave => 159996347 B
Firefox => 2556342391 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 13631 B
NetworkService => 1262431 B
sebastian => 1399023446 B

RecycleBin => 398618790 B
EmptyTemp: => 7 GB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 18:12:28 ====