Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 07-02-2023 Uruchomiony przez jm-k2 (09-02-2023 14:55:30) Run:1 Uruchomiony z C:\Users\jm-k2\Downloads Załadowane profile: jm-k2 Tryb startu: Normal ============================================== fixlist - zawartość: ***************** SystemRestore: On CloseProcesses: CreateRestorePoint: HKU\S-1-5-21-1400203782-2325307173-725141657-1001\...\Run: [utweb] => C:\Users\jm-k2\AppData\Roaming\uTorrent Web\utweb.exe [6413464 2022-09-30] (BitTorrent Inc -> BitTorrent Inc.) HKU\S-1-5-21-1400203782-2325307173-725141657-1001\...\Run: [Opera Browser Assistant] => C:\Users\jm-k2\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3916232 2022-12-20] (Opera Norway AS -> Opera Software) HKU\S-1-5-21-1400203782-2325307173-725141657-1001\...\Run: [MicrosoftEdgeAutoLaunch_C5AAD6B2840A5B17352B88CE66888D8D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4188576 2023-02-02] (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\jm-k2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.it.lnk [2021-02-11] ShortcutTarget: desktop.it.lnk -> C:\Users\jm-k2\AppData\Local\system32\hostd.vbs () [Brak podpisu cyfrowego] Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc Task: {5A84A502-230C-4F48-96AD-D405D2E4D7ED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation) Task: {631C574D-AE52-4706-AB6F-A4D39F2B8D62} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery ReadyToReboot (Brak pliku) Task: {6AB18D90-A2CF-47E4-895F-CF589599A25D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC ReadyToReboot (Brak pliku) Task: {7CAF72FB-43A4-4AC0-B270-444B605113E8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation) Task: {B1B31133-A486-4235-A576-91BF25DB4398} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => C:\WINDOWS\system32\MusNotification.exe LogonUpdateResults (Brak pliku) Task: {B392ABBC-D53B-44B7-933F-0AD14CFB8E6E} - System32\Tasks\Opera scheduled assistant Autoupdate 1586452304 => C:\Users\jm-k2\AppData\Local\Programs\Opera\launcher.exe [2607560 2023-01-19] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\jm-k2\AppData\Local\Programs\Opera\assistant" $(Arg0) Task: {B3F7EC44-8F2D-45F6-98EF-68A1B1AA3060} - System32\Tasks\Opera scheduled Autoupdate 1586452301 => C:\Users\jm-k2\AppData\Local\Programs\Opera\launcher.exe [2607560 2023-01-19] (Opera Norway AS -> Opera Software) Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Brak pliku) Task: {D54971D0-3164-42C3-9BA9-00A07F92294A} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [661408 2023-02-04] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (Brak pliku) Task: {E192B84C-05AE-43B7-9F4E-53F6D9A38A98} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [710560 2023-02-04] (Mozilla Corporation -> Mozilla Foundation) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{190482fc-fbf5-4fd2-92a4-527d060aa2e6}: [DhcpNameServer] 62.233.233.233 87.204.204.204 Tcpip\..\Interfaces\{88e73316-e7a1-487e-be77-a266e0d879b8}: [DhcpNameServer] 192.168.49.1 Tcpip\..\Interfaces\{e778178d-27ff-4f3d-92f8-0dc42eb36feb}: [DhcpNameServer] 192.168.1.1 Edge Extension: (Brak nazwy) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nie znaleziono] Edge Extension: (Brak nazwy) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nie znaleziono] Edge Extension: (Brak nazwy) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nie znaleziono] Edge Extension: (Brak nazwy) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nie znaleziono] C:\Users\jm-k2\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X] 2023-02-09 09:41 - 2023-02-09 09:41 - 000000000 ____D C:\Users\jm-k2\Downloads\FRST-OlderVersion 2023-02-09 09:19 - 2023-02-09 09:19 - 000388608 _____ (Trend Micro Inc.) C:\Users\jm-k2\Downloads\HijackThis.exe 2023-01-26 17:45 - 2023-01-26 17:49 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2023-01-23 09:07 - 2022-11-13 16:51 - 000004248 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1586452301 CustomCLSID: HKU\S-1-5-21-1400203782-2325307173-725141657-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\jm-k2\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => Brak pliku HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE HKU\S-1-5-21-1400203782-2325307173-725141657-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171101&iDate=2020-04-10 02:22:39&bName= HKU\S-1-5-21-1400203782-2325307173-725141657-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE SearchScopes: HKLM -> {FE5DB1ED-C819-416D-930B-646E9EA8E02B} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {FE5DB1ED-C819-416D-930B-646E9EA8E02B} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1400203782-2325307173-725141657-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms} SearchScopes: HKU\S-1-5-21-1400203782-2325307173-725141657-1001 -> {FE5DB1ED-C819-416D-930B-646E9EA8E02B} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE trusted site: HKU\S-1-5-21-1400203782-2325307173-725141657-1001\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-1400203782-2325307173-725141657-1001\...\sharepoint.com -> hxxps://sp42wroclaw.sharepoint.com IE trusted site: HKU\S-1-5-21-1400203782-2325307173-725141657-1001\...\webcompanion.com -> hxxp://webcompanion.com HKU\S-1-5-21-1400203782-2325307173-725141657-1001\...\StartupApproved\Run: => "Opera Browser Assistant" HKU\S-1-5-21-1400203782-2325307173-725141657-1001\...\StartupApproved\Run: => "utweb" FirewallRules: [UDP Query User{23ABF06B-A3B4-4AFF-9C83-85578DA96CC5}C:\users\jm-k2\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\jm-k2\appdata\local\programs\opera\77.0.4054.277\opera.exe => Brak pliku FirewallRules: [TCP Query User{ECFF79F4-5D8F-4428-96EC-C9DAF6506782}C:\users\jm-k2\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\jm-k2\appdata\local\programs\opera\77.0.4054.277\opera.exe => Brak pliku FirewallRules: [UDP Query User{13961281-B36A-4D4A-A84A-56C37CE8F855}C:\users\jm-k2\appdata\local\programs\opera\76.0.4017.177\opera.exe] => (Block) C:\users\jm-k2\appdata\local\programs\opera\76.0.4017.177\opera.exe => Brak pliku FirewallRules: [TCP Query User{8954F084-B702-4AC6-BC95-83C3E4BF1219}C:\users\jm-k2\appdata\local\programs\opera\76.0.4017.177\opera.exe] => (Block) C:\users\jm-k2\appdata\local\programs\opera\76.0.4017.177\opera.exe => Brak pliku FirewallRules: [UDP Query User{2673E034-D259-4EEC-AF53-BD27F7B6FF78}C:\users\jm-k2\appdata\local\programs\opera\76.0.4017.154\opera.exe] => (Block) C:\users\jm-k2\appdata\local\programs\opera\76.0.4017.154\opera.exe => Brak pliku FirewallRules: [TCP Query User{5004C1BB-B115-4AB8-BD52-BDC8A4842DB5}C:\users\jm-k2\appdata\local\programs\opera\76.0.4017.154\opera.exe] => (Block) C:\users\jm-k2\appdata\local\programs\opera\76.0.4017.154\opera.exe => Brak pliku FirewallRules: [UDP Query User{BBC14D4D-E2B1-41AB-8F1D-EF4E8B7A2FC7}C:\users\jm-k2\appdata\local\programs\opera\76.0.4017.107\opera.exe] => (Allow) C:\users\jm-k2\appdata\local\programs\opera\76.0.4017.107\opera.exe => Brak pliku FirewallRules: [TCP Query User{32D45CF8-7FBD-47B1-959D-FD18359E39FC}C:\users\jm-k2\appdata\local\programs\opera\76.0.4017.107\opera.exe] => (Allow) C:\users\jm-k2\appdata\local\programs\opera\76.0.4017.107\opera.exe => Brak pliku FirewallRules: [UDP Query User{B67CDA4F-4511-4599-9F03-84DB3F5CC950}C:\users\jm-k2\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Allow) C:\users\jm-k2\appdata\local\programs\opera\74.0.3911.203\opera.exe => Brak pliku FirewallRules: [TCP Query User{D217B4F5-0F60-405C-9780-1AFF03F6ECD0}C:\users\jm-k2\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Allow) C:\users\jm-k2\appdata\local\programs\opera\74.0.3911.203\opera.exe => Brak pliku FirewallRules: [UDP Query User{3C58ADFA-39E6-49E1-B0C0-45C3C599B57E}C:\users\jm-k2\appdata\local\programs\opera\74.0.3911.160\opera.exe] => (Allow) C:\users\jm-k2\appdata\local\programs\opera\74.0.3911.160\opera.exe => Brak pliku FirewallRules: [TCP Query User{D1952780-C78D-48C6-AA93-1FA262BB4E2D}C:\users\jm-k2\appdata\local\programs\opera\74.0.3911.160\opera.exe] => (Allow) C:\users\jm-k2\appdata\local\programs\opera\74.0.3911.160\opera.exe => Brak pliku FirewallRules: [UDP Query User{2F584DF9-F4C5-4BB5-9898-C2C704C32219}C:\users\jm-k2\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\jm-k2\appdata\local\programs\opera\73.0.3856.344\opera.exe => Brak pliku FirewallRules: [TCP Query User{F56D8888-E587-42D8-998C-55BE5A346A76}C:\users\jm-k2\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\jm-k2\appdata\local\programs\opera\73.0.3856.344\opera.exe => Brak pliku EmptyEventLogs: EmptyTemp: ***************** SystemRestore: On => ukończone Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. "HKU\S-1-5-21-1400203782-2325307173-725141657-1001\Software\Microsoft\Windows\CurrentVersion\Run\\utweb" => pomyślnie usunięto "HKU\S-1-5-21-1400203782-2325307173-725141657-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Opera Browser Assistant" => pomyślnie usunięto "HKU\S-1-5-21-1400203782-2325307173-725141657-1001\Software\Microsoft\Windows\CurrentVersion\Run\\MicrosoftEdgeAutoLaunch_C5AAD6B2840A5B17352B88CE66888D8D" => pomyślnie usunięto C:\Users\jm-k2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.it.lnk => pomyślnie przeniesiono C:\Users\jm-k2\AppData\Local\system32\hostd.vbs => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0600DD45-FAF2-4131-A006-0B17509B9F78}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0600DD45-FAF2-4131-A006-0B17509B9F78}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5A84A502-230C-4F48-96AD-D405D2E4D7ED}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A84A502-230C-4F48-96AD-D405D2E4D7ED}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentLogOn" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{631C574D-AE52-4706-AB6F-A4D39F2B8D62}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{631C574D-AE52-4706-AB6F-A4D39F2B8D62}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6AB18D90-A2CF-47E4-895F-CF589599A25D}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AB18D90-A2CF-47E4-895F-CF589599A25D}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7CAF72FB-43A4-4AC0-B270-444B605113E8}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CAF72FB-43A4-4AC0-B270-444B605113E8}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentFallBack" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1B31133-A486-4235-A576-91BF25DB4398}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1B31133-A486-4235-A576-91BF25DB4398}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B392ABBC-D53B-44B7-933F-0AD14CFB8E6E}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B392ABBC-D53B-44B7-933F-0AD14CFB8E6E}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Opera scheduled assistant Autoupdate 1586452304 => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled assistant Autoupdate 1586452304" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3F7EC44-8F2D-45F6-98EF-68A1B1AA3060}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3F7EC44-8F2D-45F6-98EF-68A1B1AA3060}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1586452301 => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1586452301" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D54971D0-3164-42C3-9BA9-00A07F92294A}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D54971D0-3164-42C3-9BA9-00A07F92294A}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Background Update 308046B0AF4A39CB" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E192B84C-05AE-43B7-9F4E-53F6D9A38A98}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E192B84C-05AE-43B7-9F4E-53F6D9A38A98}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" => pomyślnie usunięto C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => pomyślnie przeniesiono "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{190482fc-fbf5-4fd2-92a4-527d060aa2e6}\\DhcpNameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{88e73316-e7a1-487e-be77-a266e0d879b8}\\DhcpNameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e778178d-27ff-4f3d-92f8-0dc42eb36feb}\\DhcpNameServer" => pomyślnie usunięto HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => pomyślnie usunięto HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => pomyślnie usunięto HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => pomyślnie usunięto HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => pomyślnie usunięto C:\Users\jm-k2\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk => pomyślnie przeniesiono HKLM\System\CurrentControlSet\Services\WinSetupMon => pomyślnie usunięto WinSetupMon => serwis pomyślnie usunięto C:\Users\jm-k2\Downloads\FRST-OlderVersion => pomyślnie przeniesiono C:\Users\jm-k2\Downloads\HijackThis.exe => pomyślnie przeniesiono "C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job" => nie znaleziono "C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1586452301" => nie znaleziono HKU\S-1-5-21-1400203782-2325307173-725141657-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => pomyślnie usunięto HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono HKU\S-1-5-21-1400203782-2325307173-725141657-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono HKU\S-1-5-21-1400203782-2325307173-725141657-1001\Software\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FE5DB1ED-C819-416D-930B-646E9EA8E02B} => pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{FE5DB1ED-C819-416D-930B-646E9EA8E02B} => pomyślnie usunięto HKU\S-1-5-21-1400203782-2325307173-725141657-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B} => nie znaleziono HKU\S-1-5-21-1400203782-2325307173-725141657-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FE5DB1ED-C819-416D-930B-646E9EA8E02B} => pomyślnie usunięto HKU\S-1-5-21-1400203782-2325307173-725141657-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost => pomyślnie usunięto HKU\S-1-5-21-1400203782-2325307173-725141657-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com => pomyślnie usunięto HKU\S-1-5-21-1400203782-2325307173-725141657-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => nie znaleziono "HKU\S-1-5-21-1400203782-2325307173-725141657-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Opera Browser Assistant" => pomyślnie usunięto "HKU\S-1-5-21-1400203782-2325307173-725141657-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Opera Browser Assistant" => nie znaleziono "HKU\S-1-5-21-1400203782-2325307173-725141657-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\utweb" => pomyślnie usunięto "HKU\S-1-5-21-1400203782-2325307173-725141657-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\utweb" => nie znaleziono "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{23ABF06B-A3B4-4AFF-9C83-85578DA96CC5}C:\users\jm-k2\appdata\local\programs\opera\77.0.4054.277\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{ECFF79F4-5D8F-4428-96EC-C9DAF6506782}C:\users\jm-k2\appdata\local\programs\opera\77.0.4054.277\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{13961281-B36A-4D4A-A84A-56C37CE8F855}C:\users\jm-k2\appdata\local\programs\opera\76.0.4017.177\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8954F084-B702-4AC6-BC95-83C3E4BF1219}C:\users\jm-k2\appdata\local\programs\opera\76.0.4017.177\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2673E034-D259-4EEC-AF53-BD27F7B6FF78}C:\users\jm-k2\appdata\local\programs\opera\76.0.4017.154\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5004C1BB-B115-4AB8-BD52-BDC8A4842DB5}C:\users\jm-k2\appdata\local\programs\opera\76.0.4017.154\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BBC14D4D-E2B1-41AB-8F1D-EF4E8B7A2FC7}C:\users\jm-k2\appdata\local\programs\opera\76.0.4017.107\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{32D45CF8-7FBD-47B1-959D-FD18359E39FC}C:\users\jm-k2\appdata\local\programs\opera\76.0.4017.107\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B67CDA4F-4511-4599-9F03-84DB3F5CC950}C:\users\jm-k2\appdata\local\programs\opera\74.0.3911.203\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D217B4F5-0F60-405C-9780-1AFF03F6ECD0}C:\users\jm-k2\appdata\local\programs\opera\74.0.3911.203\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3C58ADFA-39E6-49E1-B0C0-45C3C599B57E}C:\users\jm-k2\appdata\local\programs\opera\74.0.3911.160\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D1952780-C78D-48C6-AA93-1FA262BB4E2D}C:\users\jm-k2\appdata\local\programs\opera\74.0.3911.160\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2F584DF9-F4C5-4BB5-9898-C2C704C32219}C:\users\jm-k2\appdata\local\programs\opera\73.0.3856.344\opera.exe" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F56D8888-E587-42D8-998C-55BE5A346A76}C:\users\jm-k2\appdata\local\programs\opera\73.0.3856.344\opera.exe" => pomyślnie usunięto =========== EmptyEventLogs: ========== 1158 Event logs cleared. ================================ =========== EmptyTemp: ========== FlushDNS => ukończone BITS transfer queue => 1310720 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25337517 B Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B Windows/system/drivers => 1195496 B Edge => 1389343 B Vivaldi => 46610509 B Firefox => 1493331155 B Opera => 483534197 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 138544 B jm-k2 => 245697510 B RecycleBin => 0 B EmptyTemp: => 2.1 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 14:57:06 ====