Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 18-04-2022 01 Uruchomiony przez Intel (18-04-2022 16:39:04) Run:1 Uruchomiony z C:\Users\Intel\Desktop\dfs Załadowane profile: Intel & polic & Ryszard Tryb startu: Normal ============================================== fixlist - zawartość: ***************** SystemRestore: On CreateRestorePoint: CloseProcesses: HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files (x86)\Opera\assistant\browser_assistant.exe [4105424 2021-10-14] (Opera Software AS -> Opera Software) HKU\S-1-5-21-3421411951-854567962-3898249824-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Intel\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" HKU\S-1-5-21-3421411951-854567962-3898249824-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Intel\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" HKU\S-1-5-21-3421411951-854567962-3898249824-1001\...\RunOnce: [Uninstall 22.012.0117.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Intel\AppData\Local\Microsoft\OneDrive\22.012.0117.0003" HKU\S-1-5-21-3421411951-854567962-3898249824-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 Task: {07658083-F662-4672-BF6F-84E0B958C5A7} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe /RunUsoScanOnly (Brak pliku) Task: {1061B319-7ABD-4643-B106-12A0941337FF} - System32\Tasks\Opera scheduled assistant Autoupdate 1576842965 => C:\Program Files (x86)\Opera\launcher.exe [1868032 2022-04-06] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files (x86)\Opera\assistant" $(Arg0) Task: {233A9485-770A-4CC2-BF4E-4AE2CE8377B0} - System32\Tasks\TR_AntiHijack => C:\Program Files (x86)\Trojan Remover\TRAntiHJ.exe (Brak pliku) Task: {464153E3-91FB-487B-8715-1163D3357B2B} - System32\Tasks\TR_Updater => C:\Program Files (x86)\Trojan Remover\Trupd.exe [6628120 2022-03-15] (Simply Super Software -> Simply Super Software) Task: {4B0B6C66-6C5F-48D8-BF36-DFB7CF84E9C7} - System32\Tasks\TR_FastScan_Daily_Intel => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [6467352 2022-01-28] (Simply Super Software -> Simply Super Software) Task: {CED9AE42-AF41-42D1-9E3D-520545A1CE6E} - System32\Tasks\TR_FastScan_AtLogon => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [6467352 2022-01-28] (Simply Super Software -> Simply Super Software) Task: {6E28B2A0-E453-45C7-B299-9108855F3D25} - System32\Tasks\Odkurzacz => C:\Program Files (x86)\Odkurzacz\odkurzacz.exe [1069056 2017-01-18] (FranmoSoftware) [Brak podpisu cyfrowego] Task: {7F2D9A02-5183-45C5-8EB9-84AAEBD236FF} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe (Brak pliku) Task: {AE30C31B-702E-4E1B-BB40-234DB12FF454} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_pepper.exe [1453112 2019-12-10] (Adobe Inc. -> Adobe) Task: {CE282E40-2238-4269-AB68-48BDA281AA9C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-10] (Adobe Inc. -> Adobe) Task: {D8DE2C5F-C478-4644-95DF-550F8B3CFC9C} - System32\Tasks\Opera scheduled Autoupdate 1497092323 => C:\Program Files (x86)\Opera\launcher.exe [1868032 2022-04-06] (Opera Software AS -> Opera Software) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{181ab096-eb3a-4b31-9c5c-f2300c6b2d53}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{2effd9ae-00ff-454b-ba97-9d95f1e2be3f}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{5a0b22f7-708b-402c-8a58-90d413cac0be}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{7197f084-7864-4446-9144-b7ece374b510}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{7610c7aa-028c-44c7-b8be-040c2b02d4a9}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{7de04a18-4613-4a8e-b2ca-31e1f0b1cd87}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Edge Extension: (Brak nazwy) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nie znaleziono] Edge Extension: (Brak nazwy) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nie znaleziono] FF user.js: detected! => C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\8ehixq4c.default\user.js [2018-03-04] FF Extension: (Telemetry coverage) - C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\8ehixq4c.default\features\{a7794ef8-fdaa-4eac-b85a-d4d98f232bce}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-09-18] [Przestarzałe] FF Extension: (Brak nazwy) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [nie znaleziono] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.15.163.0_x64__43tkc6nmykmb6 [2022-04-17] (Ookla) ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> Brak pliku ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> Brak pliku ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> Brak pliku AlternateDataStreams: C:\WINDOWS\system32\Drivers\VClone.sys:$CmdTcID [130] AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [260] IE trusted site: HKU\S-1-5-21-3421411951-854567962-3898249824-1001\...\sharepoint.com -> hxxps://mszanaszkola-files.sharepoint.com BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => Brak pliku Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll Brak pliku C:\Program Files (x86)\IObit CMD: netsh advfirewall reset CMD: ipconfig /flushdns Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} EmptyTemp: ***************** SystemRestore: On => ukończone Punkt przywracania został pomyślnie utworzony. Procesy zostały pomyślnie zamknięte. "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Opera Browser Assistant" => pomyślnie usunięto "HKU\S-1-5-21-3421411951-854567962-3898249824-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => nie znaleziono "HKU\S-1-5-21-3421411951-854567962-3898249824-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => nie znaleziono "HKU\S-1-5-21-3421411951-854567962-3898249824-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 22.012.0117.0003" => nie znaleziono "HKU\S-1-5-21-3421411951-854567962-3898249824-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07658083-F662-4672-BF6F-84E0B958C5A7}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07658083-F662-4672-BF6F-84E0B958C5A7}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\rempl\shell-usoscan" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1061B319-7ABD-4643-B106-12A0941337FF}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1061B319-7ABD-4643-B106-12A0941337FF}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Opera scheduled assistant Autoupdate 1576842965 => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled assistant Autoupdate 1576842965" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{233A9485-770A-4CC2-BF4E-4AE2CE8377B0}" => nie znaleziono "C:\WINDOWS\System32\Tasks\TR_AntiHijack" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TR_AntiHijack" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{464153E3-91FB-487B-8715-1163D3357B2B}" => nie znaleziono "C:\WINDOWS\System32\Tasks\TR_Updater" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TR_Updater" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B0B6C66-6C5F-48D8-BF36-DFB7CF84E9C7}" => nie znaleziono "C:\WINDOWS\System32\Tasks\TR_FastScan_Daily_Intel" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TR_FastScan_Daily_Intel" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CED9AE42-AF41-42D1-9E3D-520545A1CE6E}" => nie znaleziono "C:\WINDOWS\System32\Tasks\TR_FastScan_AtLogon" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TR_FastScan_AtLogon" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E28B2A0-E453-45C7-B299-9108855F3D25}" => nie znaleziono "C:\WINDOWS\System32\Tasks\Odkurzacz" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Odkurzacz" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F2D9A02-5183-45C5-8EB9-84AAEBD236FF}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F2D9A02-5183-45C5-8EB9-84AAEBD236FF}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CUAssistant\CULauncher" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE30C31B-702E-4E1B-BB40-234DB12FF454}" => nie znaleziono "C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE282E40-2238-4269-AB68-48BDA281AA9C}" => nie znaleziono "C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => nie znaleziono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D8DE2C5F-C478-4644-95DF-550F8B3CFC9C}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8DE2C5F-C478-4644-95DF-550F8B3CFC9C}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1497092323 => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1497092323" => pomyślnie usunięto C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => pomyślnie przeniesiono "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{181ab096-eb3a-4b31-9c5c-f2300c6b2d53}\\DhcpNameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2effd9ae-00ff-454b-ba97-9d95f1e2be3f}\\DhcpNameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5a0b22f7-708b-402c-8a58-90d413cac0be}\\DhcpNameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7197f084-7864-4446-9144-b7ece374b510}\\DhcpNameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7610c7aa-028c-44c7-b8be-040c2b02d4a9}\\DhcpNameServer" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7de04a18-4613-4a8e-b2ca-31e1f0b1cd87}\\DhcpNameServer" => pomyślnie usunięto HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => pomyślnie usunięto HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => pomyślnie usunięto C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\8ehixq4c.default\user.js => pomyślnie przeniesiono C:\Users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\8ehixq4c.default\features\{a7794ef8-fdaa-4eac-b85a-d4d98f232bce}\telemetry-coverage-bug1487578@mozilla.org.xpi => pomyślnie przeniesiono C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => ścieżki pomyślnie usunięto HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => nie znaleziono HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => nie znaleziono Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.15.163.0_x64__43tkc6nmykmb6 [2022-04-17] (Ookla) => Błąd: Nie znaleziono automatycznej naprawy dla tego wejścia. HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObitUnstaler => pomyślnie usunięto HKLM\Software\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960} => pomyślnie usunięto HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\IObitUnstaler => pomyślnie usunięto HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\IObitUnstaler => pomyślnie usunięto C:\WINDOWS\system32\Drivers\VClone.sys => ":$CmdTcID" ADS pomyślnie usunięto C:\ProgramData\TEMP => ":CB0AACC9" ADS pomyślnie usunięto HKU\S-1-5-21-3421411951-854567962-3898249824-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com => pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => pomyślnie usunięto HKLM\Software\Classes\PROTOCOLS\Handler\sacore => pomyślnie usunięto HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => pomyślnie usunięto C:\Program Files (x86)\IObit => pomyślnie przeniesiono ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= Koniec CMD: ========= ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} ========= wevtutil : Failed to clear log Microsoft-Windows-LiveId/Analytic. At C:\FRST\tmp.ps1:1 char:31 + wevtutil el | Foreach-Object {wevtutil cl "$_"} + ~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (Failed to clear...iveId/Analytic.:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError Odmowa dostŕpu. wevtutil : Failed to clear log Microsoft-Windows-LiveId/Operational. At C:\FRST\tmp.ps1:1 char:31 + wevtutil el | Foreach-Object {wevtutil cl "$_"} + ~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (Failed to clear...Id/Operational.:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError Odmowa dostŕpu. wevtutil : Failed to clear log Microsoft-Windows-USBVideo/Analytic. At C:\FRST\tmp.ps1:1 char:31 + wevtutil el | Foreach-Object {wevtutil cl "$_"} + ~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (Failed to clear...Video/Analytic.:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError Przekazana nazwa wyst╣pienia nie zosta│a uznana przez dostawcŕ danych WMI za prawid│ow╣. ========= Koniec Powershell: ========= =========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22374886 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 795755 B Edge => 49167087 B Chrome => 230600546 B Firefox => 81984076 B Opera => 133515931 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 30922 B NetworkService => 30922 B Intel => 72757903 B polic => 72810965 B Ryszard => 78208248 B RecycleBin => 19767399 B EmptyTemp: => 726.7 MB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 16:42:26 ====