Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 25.03.2024
Uruchomiony przez Admin (27-03-2024 22:21:05) Run:1
Uruchomiony z C:\Users\Admin\Downloads
Załadowane profile: Admin
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-21-1303617771-391412065-3885917864-1000\...\Run: [ocmanage] => wscript.exe "C:\Users\Admin\AppData\Roaming\Microsoft\Windows NT\ocmanage.js" (Brak pliku) <==== UWAGA
Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> Brak pliku <==== UWAGA
Task: {4738DE7A-BCC1-4E2D-B1B0-CADB044BFA81} - \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask -> Brak pliku <==== UWAGA
Task: {6FAC31FA-4A85-4E64-BFD5-2154FF4594B3} - \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip -> Brak pliku <==== UWAGA
Task: {7486D5AB-90EC-4CAB-B0E9-A79A95D38C29} - System32\Tasks\Driver Booster SkipUAC (Admin) => "C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe"  /skipuac (Brak pliku)
Task: {4394161B-ECB7-4788-9312-9E360451319F} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  LOGON (Brak pliku)
Task: {88D637D1-E7D6-4177-A171-402578CE84EA} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  SCHED (Brak pliku)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (Brak pliku)
Task: {29AFBFEE-0C7B-42CB-9BD2-D43E17E6967C} - System32\Tasks\Opera GX scheduled Autoupdate 1711073982 => C:\Users\Admin\AppData\Local\Programs\Opera GX\launcher.exe  --scheduledautoupdate $(Arg0) (Brak pliku)
Task: {7FE5D4F8-CF1A-45A5-B09E-3CC6E2D775C4} - System32\Tasks\Process Lasso Management Console (GUI) => "C:\Program Files\Process Lasso\processlasso.exe"  (Brak pliku)
Task: {1CE9A269-51DB-4BBC-8682-C081A48340BD} - System32\Tasks\Session agent for Process Lasso => "C:\Program Files\Process Lasso\bitsumsessionagent.exe"  ---------------------------------------------------------------- (Brak pliku)
R3 WinRing0_1_2_0; C:\Users\Admin\AppData\Local\Temp\WinRing0x64.sys [33176 2024-03-27] (NetEase(Hangzhou) Network Co. Ltd. -> ) <==== UWAGA
S2 IDMWFP; \SystemRoot\System32\drivers\idmwfp.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
Powershell: type C:\ProgramData\ntuser.pol
CustomCLSID: HKU\S-1-5-21-1303617771-391412065-3885917864-1000_Classes\CLSID\{CAE1760A-CB07-481B-8F9A-BC65510AF5D5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.185.21\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1303617771-391412065-3885917864-1000_Classes\CLSID\{E8791438-3525-48BF-A600-C577AD1674C2}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.173.49\psuser_64.dll => Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> Brak pliku
AlternateDataStreams: C:\MountUUP:$WIMMOUNTDATA [850]

*****************

Punkt przywracania został pomyślnie utworzony.
Procesy zostały pomyślnie zamknięte.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\" => pomyślnie usunięto
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\" => pomyślnie usunięto
"HKU\S-1-5-21-1303617771-391412065-3885917864-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ocmanage" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0600DD45-FAF2-4131-A006-0B17509B9F78}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0600DD45-FAF2-4131-A006-0B17509B9F78}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" => nie znaleziono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4738DE7A-BCC1-4E2D-B1B0-CADB044BFA81}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4738DE7A-BCC1-4E2D-B1B0-CADB044BFA81}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" => nie znaleziono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FAC31FA-4A85-4E64-BFD5-2154FF4594B3}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FAC31FA-4A85-4E64-BFD5-2154FF4594B3}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" => nie znaleziono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7486D5AB-90EC-4CAB-B0E9-A79A95D38C29}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7486D5AB-90EC-4CAB-B0E9-A79A95D38C29}" => pomyślnie usunięto
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Admin) => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Admin)" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4394161B-ECB7-4788-9312-9E360451319F}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4394161B-ECB7-4788-9312-9E360451319F}" => pomyślnie usunięto
C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88D637D1-E7D6-4177-A171-402578CE84EA}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88D637D1-E7D6-4177-A171-402578CE84EA}" => pomyślnie usunięto
C:\Windows\System32\Tasks\EOSv3 Scheduler onTime => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => pomyślnie usunięto
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{29AFBFEE-0C7B-42CB-9BD2-D43E17E6967C}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29AFBFEE-0C7B-42CB-9BD2-D43E17E6967C}" => pomyślnie usunięto
C:\Windows\System32\Tasks\Opera GX scheduled Autoupdate 1711073982 => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera GX scheduled Autoupdate 1711073982" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7FE5D4F8-CF1A-45A5-B09E-3CC6E2D775C4}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FE5D4F8-CF1A-45A5-B09E-3CC6E2D775C4}" => pomyślnie usunięto
C:\Windows\System32\Tasks\Process Lasso Management Console (GUI) => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Process Lasso Management Console (GUI)" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CE9A269-51DB-4BBC-8682-C081A48340BD}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CE9A269-51DB-4BBC-8682-C081A48340BD}" => pomyślnie usunięto
C:\Windows\System32\Tasks\Session agent for Process Lasso => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Session agent for Process Lasso" => pomyślnie usunięto
WinRing0_1_2_0 => Usługa pomyślnie zatrzymana.
HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0 => pomyślnie usunięto
WinRing0_1_2_0 => serwis pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\IDMWFP => pomyślnie usunięto
IDMWFP => serwis pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\TrueSight => pomyślnie usunięto
TrueSight => serwis pomyślnie usunięto

========= type C:\ProgramData\ntuser.pol =========

PReg   [ S o f t w a r e \ P o l i c i e s \ M i c r o s o f t \ W i n d o w s \ G r o u p   P o l i c y   O b j e c t s \ L o c a l   G r o u p   P o l i c y   ; * * C o m m e n t : G P O   N a m e :   L o c a l   G r o u p   P o l i c y   ;    ;     ; ] [ S O F T W A R E \ P o l i c i e s \ M i c r o s o f t \ F V E   ; U s e A d v a n c e d S t a r t u p   ;    ;    ;    ] [ S O F T W A R E \ P o l i c i e s \ M i c r o s o f t \ F V E   ; E n a b l e B D E W i t h N o T P M   ;    ;    ;     ] [ S O F T W A R E \ P o l i c i e s \ M i c r o s o f t \ F V E   ; U s e T P M   ;    ;    ;    ] [ S O F T W A R E \ P o l i c i e s \ M i c r o s o f t \ F V E   ; U s e T P M P I N   ;    ;    ;    ] [ S O F T W A R E \ P o l i c i e s \ M i c r o s o f t \ F V E   ; U s e T P M K e y   ;    ;    ;    ] [ S O F T W A R E \ P o l i c i e s \ M i c r o s o f t \ F V E   ; U s e T P M K e y P I N   ;    ;    ;    ] 

========= Koniec  Powershell: =========

HKU\S-1-5-21-1303617771-391412065-3885917864-1000_Classes\CLSID\{CAE1760A-CB07-481B-8F9A-BC65510AF5D5} => pomyślnie usunięto
HKU\S-1-5-21-1303617771-391412065-3885917864-1000_Classes\CLSID\{E8791438-3525-48BF-A600-C577AD1674C2} => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => pomyślnie usunięto
C:\MountUUP => ":$WIMMOUNTDATA" ADS pomyślnie usunięto

=========== EmptyTemp: ==========

FlushDNS => ukończone
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 38141396 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 189512203 B
Edge => 0 B
Chrome => 913799559 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 52778 B
NetworkService => 52778 B
Admin => 233743917 B

RecycleBin => 526272240 B
EmptyTemp: => 1.8 GB danych tymczasowych Usunięto.

================================


System wymagał restartu.

==== Koniec  Fixlog 22:21:18 ====