Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 13-09-2020
Uruchomiony przez Admin (15-09-2020 16:48:15) Run:1
Uruchomiony z C:\Users\Admin\Desktop
Załadowane profile: Admin
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
C:\Users\Admin\Desktop\Skróty\F-Secure SAFE.lnk
C:\Users\Admin\Desktop\Skróty\Google Earth.lnk
Task: {945FEE73-9E3D-4995-8256-BFA5246D1C16} - System32\Tasks\{E3036699-599A-46EE-A95E-E9FFDAFFE601} => C:\Windows\system32\pcalua.exe -a E:\lge.exe -d E:\
Task: {A025A9FE-FA11-4374-B19C-2CBDC3A94D88} - System32\Tasks\{5E341DD0-7A34-4ACC-9AED-4F0BA11804C0} => C:\Windows\system32\pcalua.exe -a C:\Users\Admin\Downloads\lide60vst6411111a_64en\SetupSG.exe -d C:\Users\Admin\Downloads\lide60vst6411111a_64en
Task: {E99C0D4F-EED2-4CD1-8EF5-637ED0375F14} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
FirewallRules: [{D6FFBC73-E167-4AA1-BA4D-B28FBD360598}] => (Allow) C:\Users\Admin\AppData\Roaming\Zoom\bin\airhost.exe => Brak pliku
FirewallRules: [{43A6517A-62BC-4708-9616-C89380AA48F9}] => (Allow) C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe => Brak pliku
FirewallRules: [TCP Query User{818ADDC0-C32F-46F9-AAD9-D3CDADD02515}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe => Brak pliku
FirewallRules: [UDP Query User{E192D11D-B00B-4FF9-87F6-8D5D7AF7A024}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe => Brak pliku
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
*****************

C:\Users\Admin\Desktop\Skróty\F-Secure SAFE.lnk => pomyślnie przeniesiono
C:\Users\Admin\Desktop\Skróty\Google Earth.lnk => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{945FEE73-9E3D-4995-8256-BFA5246D1C16}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{945FEE73-9E3D-4995-8256-BFA5246D1C16}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\{E3036699-599A-46EE-A95E-E9FFDAFFE601} => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E3036699-599A-46EE-A95E-E9FFDAFFE601}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A025A9FE-FA11-4374-B19C-2CBDC3A94D88}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A025A9FE-FA11-4374-B19C-2CBDC3A94D88}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\{5E341DD0-7A34-4ACC-9AED-4F0BA11804C0} => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5E341DD0-7A34-4ACC-9AED-4F0BA11804C0}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E99C0D4F-EED2-4CD1-8EF5-637ED0375F14}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E99C0D4F-EED2-4CD1-8EF5-637ED0375F14}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => nie znaleziono
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6FFBC73-E167-4AA1-BA4D-B28FBD360598}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43A6517A-62BC-4708-9616-C89380AA48F9}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{818ADDC0-C32F-46F9-AAD9-D3CDADD02515}C:\program files (x86)\mozilla firefox\firefox.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E192D11D-B00B-4FF9-87F6-8D5D7AF7A024}C:\program files (x86)\mozilla firefox\firefox.exe" => pomyślnie usunięto

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========

wevtutil : Failed to clear log Microsoft-Windows-LiveId/Analytic.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+                               ~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (Failed to clear...iveId/Analytic.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

Odmowa dostępu.
wevtutil : Failed to clear log Microsoft-Windows-LiveId/Operational.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+                               ~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (Failed to clear...Id/Operational.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

Odmowa dostępu.

========= Koniec Powershell: =========

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 126013973 B
Java, Flash, Steam htmlcache => 3366 B
Windows/system/drivers => 0 B
Edge => 2673279 B
Chrome => 20314949 B
Firefox => 1001634126 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 366890 B
NetworkService => 115241426 B
Admin => 140897981 B
Administrator => 140919427 B

RecycleBin => 0 B
EmptyTemp: => 1.5 GB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 16:56:55 ====