Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 07-07-2021
Uruchomiony przez ganon (10-07-2021 21:08:57) Run:3
Uruchomiony z C:\Users\ganon\OneDrive\Pulpit\frst
Załadowane profile: ganon
Tryb startu: Normal
==============================================
fixlist - zawartość:
*****************
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
File: C:\Users\ganon\OneDrive\Dokumenty\Gysudpo.trk
() [Brak podpisu cyfrowego] C:\Users\ganon\AppData\Local\Temp\csrss\injector\injector.exe
() [Brak podpisu cyfrowego] C:\Users\ganon\AppData\Local\Temp\csrss\mg20201223-1.exe
() [Brak podpisu cyfrowego] C:\Users\ganon\AppData\Local\Temp\csrss\ml20201223.exe
() [Brak podpisu cyfrowego] C:\Users\ganon\AppData\Local\Temp\csrss\wup\xarch\wup.exe
() [Brak podpisu cyfrowego] C:\Users\ganon\AppData\Local\Temp\csrss\ww31.exe
() [Brak podpisu cyfrowego] C:\Windows\rss\csrss.exe
(MacPaw INC -> MacPaw Inc.) C:\Program Files\CleanMyPC\CleanMyPCService.exe
(Microsoft Corporation -> ) C:\Users\ganon\AppData\Local\Temp\IXP000.TMP\UpdateBrowserForApp.exe
(Odmowa dostępu) [Brak podpisu cyfrowego] C:\Windows\windefender.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1126279267-2379485027-353841249-1001\...\Run: [BingWallpaperApp] => C:\Users\ganon\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe [13140856 2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1126279267-2379485027-353841249-1001\...\Run: [DryWildflower] => C:\WINDOWS\rss\csrss.exe [4568064 2021-07-06] () [Brak podpisu cyfrowego] <==== UWAGA
Task: {299BC930-5F82-4F58-889F-59BA6F4484F2} - System32\Tasks\CleanMyPCSkipUAC => C:\Program Files\CleanMyPC\CleanMyPC.exe [24348784 2021-05-27] (MacPaw INC -> MacPaw Inc.)
Task: {8781B914-A96F-4DC6-8CE2-28CE590D296B} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [4568064 2021-07-06] () [Brak podpisu cyfrowego] <==== UWAGA
Task: {F60A0EF9-118B-41EF-8550-B92A97EEA441} - System32\Tasks\Fighters\SLOW-PCfighter\RCPRO-5-ganon-logon => C:\Program Files (x86)\Fighters\SLOW-PCfighter\UI.exe [1675904 2019-03-22] (SPAMfighter ApS -> SPAMfighter ApS)
Tcpip\..\Interfaces\{be6088d5-e553-40bd-92cc-0bbdb4bf57ac}: [DhcpNameServer] 192.168.1.1
R2 CleanMyPCService; C:\Program Files\CleanMyPC\CleanMyPCService.exe [490096 2021-05-27] (MacPaw INC -> MacPaw Inc.)
S3 Common Toolkit 2; C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe [358072 2016-04-13] (SPAMfighter ApS -> SPAMfighter ApS)
R2 WinDefender; C:\WINDOWS\windefender.exe [1987072 2021-07-10] () [Brak podpisu cyfrowego] <==== UWAGA
2021-07-10 12:38 - 2021-07-10 12:38 - 028964144 _____ (MacPaw, Inc. ) C:\Users\ganon\Downloads\CleanMyPC.exe
2021-07-10 12:38 - 2021-07-10 12:38 - 000003512 _____ C:\WINDOWS\system32\Tasks\CleanMyPCSkipUAC
2021-07-10 12:38 - 2021-07-10 12:38 - 000000886 _____ C:\ProgramData\Pulpit\CleanMyPC.lnk
2021-07-10 12:38 - 2021-07-10 12:38 - 000000000 ____D C:\ProgramData\MacPaw Inc
2021-07-10 12:38 - 2021-07-10 12:38 - 000000000 ____D C:\Program Files\CleanMyPC
2021-07-09 15:31 - 2021-07-09 15:31 - 004280488 _____ (SPAMfighter ApS.) 
C:\Users\ganon\Downloads\SLOW-PCfighter_web.exe
2021-07-05 11:55 - 2021-07-05 11:55 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2021-07-05 11:55 - 2021-07-05 11:55 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
FirewallRules: [TCP Query User{AC1DC52F-E09F-4D0D-9BBF-DD095775B305}C:\users\ganon\appdata\local\temp\rar$exa4224.31854\among us v2021.6.15s\among us.exe] => (Allow) C:\users\ganon\appdata\local\temp\rar$exa4224.31854\among us v2021.6.15s\among us.exe => Brak pliku
FirewallRules: [UDP Query User{72D5206C-C018-448F-AFFE-A458D8B5DB8B}C:\users\ganon\appdata\local\temp\rar$exa4224.31854\among us v2021.6.15s\among us.exe] => (Allow) C:\users\ganon\appdata\local\temp\rar$exa4224.31854\among us v2021.6.15s\among us.exe => Brak pliku
FirewallRules: [TCP Query User{C92F68D2-8D89-4828-9DF0-81A32584650E}C:\users\ganon\appdata\local\temp\rar$exa5468.29011\people playground v1.19.2\win64\people playground.exe] => (Allow) C:\users\ganon\appdata\local\temp\rar$exa5468.29011\people playground v1.19.2\win64\people playground.exe => Brak pliku
FirewallRules: [UDP Query User{13B1045F-00A4-4245-AB07-F8F3F33872AB}C:\users\ganon\appdata\local\temp\rar$exa5468.29011\people playground v1.19.2\win64\people playground.exe] => (Allow) C:\users\ganon\appdata\local\temp\rar$exa5468.29011\people playground v1.19.2\win64\people playground.exe => Brak pliku
FirewallRules: [TCP Query User{B4785A0C-F0D8-4A04-98BE-1978A8767E71}C:\users\ganon\appdata\local\temp\rar$exa628.30076\people playground v1.19.2\win64\people playground.exe] => (Allow) C:\users\ganon\appdata\local\temp\rar$exa628.30076\people playground v1.19.2\win64\people playground.exe => Brak pliku
FirewallRules: [UDP Query User{A1CAAA13-9B11-4CB4-B0CF-B709E9DFB711}C:\users\ganon\appdata\local\temp\rar$exa628.30076\people playground v1.19.2\win64\people playground.exe] => (Allow) C:\users\ganon\appdata\local\temp\rar$exa628.30076\people playground v1.19.2\win64\people playground.exe => Brak 
pliku
FirewallRules: [{AEC64905-D4B9-4771-87FB-99EA4C867028}] => (Allow) C:\Users\ganon\AppData\Roaming\uTorrent\uTorrent.exe => Brak pliku
FirewallRules: [{DFA95E0B-096F-4E81-9538-44DAC5A0C57C}] => (Allow) C:\Users\ganon\AppData\Roaming\uTorrent\uTorrent.exe => Brak pliku
FirewallRules: [TCP Query User{9B907F5B-E663-4DBA-A43E-5A17D14CF9C6}C:\users\ganon\appdata\local\temp\rar$exa7324.15931\people playground v1.19.2\win64\people playground.exe] => (Allow) C:\users\ganon\appdata\local\temp\rar$exa7324.15931\people playground v1.19.2\win64\people playground.exe => Brak pliku
FirewallRules: [UDP Query User{57DFA892-FE5B-475E-8EE0-CD2618B12BB2}C:\users\ganon\appdata\local\temp\rar$exa7324.15931\people playground v1.19.2\win64\people playground.exe] => (Allow) C:\users\ganon\appdata\local\temp\rar$exa7324.15931\people playground v1.19.2\win64\people playground.exe => Brak pliku
FirewallRules: [TCP Query User{2D819B00-7C61-4669-99A6-83BF85FA09FA}C:\users\ganon\appdata\local\temp\rar$exa3968.10830\among us v2021.6.15s\among us.exe] => (Allow) C:\users\ganon\appdata\local\temp\rar$exa3968.10830\among us v2021.6.15s\among us.exe => Brak pliku
FirewallRules: [UDP Query User{D933254F-C0C2-4CF2-9F4B-46670A8E0EB5}C:\users\ganon\appdata\local\temp\rar$exa3968.10830\among us v2021.6.15s\among us.exe] => (Allow) C:\users\ganon\appdata\local\temp\rar$exa3968.10830\among us v2021.6.15s\among us.exe => Brak pliku
FirewallRules: [{11E59A7A-0B2F-42C0-A11D-B51D3424927F}] => (Allow) C:\WINDOWS\rss\csrss.exe () [Brak podpisu cyfrowego]
RemoveProxy:
Hosts:
*****************
Błąd: (0) Nie udało się utworzyć punktu przywracania.
Procesy zostały pomyślnie zamknięte.
========================= File: C:\Users\ganon\OneDrive\Dokumenty\Gysudpo.trk ========================
C:\Users\ganon\OneDrive\Dokumenty\Gysudpo.trk
Brak podpisu cyfrowego
MD5: 56ED05472E92CB850C83C91519219FB4
Data utworzenia i modyfikacji: 2021-07-10 15:20 - 2021-07-10 15:20
Rozmiar: 000024281
Atrybuty: ----A
Firma:
Wewnętrzna nazwa:
Oryginalna nazwa:
Produkt:
Opis:
Plik Wersja:
Produkt Wersja:
Prawa autorskie:
VirusTotal: 0
====== Koniec File: ======
C:\Users\ganon\AppData\Local\Temp\csrss\injector\injector.exe => Nie odnaleziono uruchomionego procesu
C:\Users\ganon\AppData\Local\Temp\csrss\mg20201223-1.exe => Nie odnaleziono uruchomionego procesu
C:\Users\ganon\AppData\Local\Temp\csrss\ml20201223.exe => Nie odnaleziono uruchomionego procesu
C:\Users\ganon\AppData\Local\Temp\csrss\wup\xarch\wup.exe => Nie odnaleziono uruchomionego procesu
C:\Users\ganon\AppData\Local\Temp\csrss\ww31.exe => Nie odnaleziono uruchomionego procesu
C:\Windows\rss\csrss.exe => Nie odnaleziono uruchomionego procesu
C:\Program Files\CleanMyPC\CleanMyPCService.exe => Nie odnaleziono uruchomionego procesu
C:\Users\ganon\AppData\Local\Temp\IXP000.TMP\UpdateBrowserForApp.exe => Nie odnaleziono uruchomionego procesu
[Brak podpisu cyfrowego] C:\Windows\windefender.exe => Nie odnaleziono uruchomionego procesu
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => pomyślnie usunięto
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => pomyślnie usunięto
"HKU\S-1-5-21-1126279267-2379485027-353841249-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingWallpaperApp" => pomyślnie usunięto
"HKU\S-1-5-21-1126279267-2379485027-353841249-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DryWildflower" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{299BC930-5F82-4F58-889F-59BA6F4484F2}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tasks\{299BC930-5F82-4F58-889F-59BA6F4484F2}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\CleanMyPCSkipUAC => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CleanMyPCSkipUAC" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8781B914-A96F-4DC6-8CE2-28CE590D296B}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8781B914-A96F-4DC6-8CE2-28CE590D296B}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\csrss => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\csrss" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F60A0EF9-118B-41EF-8550-B92A97EEA441}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F60A0EF9-118B-41EF-8550-B92A97EEA441}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\Fighters\SLOW-PCfighter\RCPRO-5-ganon-logon => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Fighters\SLOW-PCfighter\RCPRO-5-ganon-logon" => nie znaleziono
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{be6088d5-e553-40bd-92cc-0bbdb4bf57ac}\\DhcpNameServer" => pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\CleanMyPCService => pomyślnie usunięto
CleanMyPCService => serwis pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\Common Toolkit 2 => pomyślnie usunięto
Common Toolkit 2 => serwis pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\WinDefender => pomyślnie usunięto
WinDefender => serwis pomyślnie usunięto
C:\Users\ganon\Downloads\CleanMyPC.exe => pomyślnie przeniesiono
"C:\WINDOWS\system32\Tasks\CleanMyPCSkipUAC" => nie znaleziono
Nie można przenieść "C:\ProgramData\Pulpit\CleanMyPC.lnk" => Zaplanowany do przeniesienia przy restarcie.
C:\ProgramData\MacPaw Inc => pomyślnie przeniesiono
"C:\Program Files\CleanMyPC" folder - przenoszenie:
Nie można przenieść "C:\Program Files\CleanMyPC" => Zaplanowany do przeniesienia przy restarcie.
C:\Users\ganon\Downloads\SLOW-PCfighter_web.exe => pomyślnie przeniesiono
C:\Program Files\Windows Multimedia Platform => pomyślnie przeniesiono
C:\Program Files (x86)\Windows Multimedia Platform => pomyślnie przeniesiono
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AC1DC52F-E09F-4D0D-9BBF-DD095775B305}C:\users\ganon\appdata\local\temp\rar$exa4224.31854\among us v2021.6.15s\among us.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{72D5206C-C018-448F-AFFE-A458D8B5DB8B}C:\users\ganon\appdata\local\temp\rar$exa4224.31854\among us v2021.6.15s\among us.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C92F68D2-8D89-4828-9DF0-81A32584650E}C:\users\ganon\appdata\local\temp\rar$exa5468.29011\people playground v1.19.2\win64\people playground.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{13B1045F-00A4-4245-AB07-F8F3F33872AB}C:\users\ganon\appdata\local\temp\rar$exa5468.29011\people playground v1.19.2\win64\people playground.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B4785A0C-F0D8-4A04-98BE-1978A8767E71}C:\users\ganon\appdata\local\temp\rar$exa628.30076\people playground v1.19.2\win64\people playground.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A1CAAA13-9B11-4CB4-B0CF-B709E9DFB711}C:\users\ganon\appdata\local\temp\rar$exa628.30076\people playground v1.19.2\win64\people 
playground.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AEC64905-D4B9-4771-87FB-99EA4C867028}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DFA95E0B-096F-4E81-9538-44DAC5A0C57C}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9B907F5B-E663-4DBA-A43E-5A17D14CF9C6}C:\users\ganon\appdata\local\temp\rar$exa7324.15931\people playground v1.19.2\win64\people playground.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{57DFA892-FE5B-475E-8EE0-CD2618B12BB2}C:\users\ganon\appdata\local\temp\rar$exa7324.15931\people playground v1.19.2\win64\people playground.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2D819B00-7C61-4669-99A6-83BF85FA09FA}C:\users\ganon\appdata\local\temp\rar$exa3968.10830\among us v2021.6.15s\among us.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D933254F-C0C2-4CF2-9F4B-46670A8E0EB5}C:\users\ganon\appdata\local\temp\rar$exa3968.10830\among us v2021.6.15s\among us.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{11E59A7A-0B2F-42C0-A11D-B51D3424927F}" => pomyślnie usunięto
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto
"HKU\S-1-5-21-1126279267-2379485027-353841249-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet 
Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
"HKU\S-1-5-21-1126279267-2379485027-353841249-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto
========= Koniec RemoveProxy: =========
C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono
Hosts pomyślnie przywrócono.
=========== EmptyTemp: ==========
BITS transfer queue => 6578176 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22314118 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2632 B
Edge => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
ganon => 48388153 B
RecycleBin => 75971 B
EmptyTemp: => 73.8 MB danych tymczasowych Usunięto.
================================
Rezultat przenoszenia plików przy restarcie (Tryb startu: Normal) (Data i godzina: 10-07-2021 21:11:36)
C:\ProgramData\Pulpit\CleanMyPC.lnk => został pomyślnie przeniesiony
C:\Program Files\CleanMyPC => został pomyślnie przeniesiony
==== Koniec Fixlog 21:11:36 ====