Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 19-05-2021
Uruchomiony przez Admin (20-05-2021 12:19:26) Run:1
Uruchomiony z C:\Users\Admin\Downloads
Załadowane profile: Admin
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.global-pl.com/
SearchScopes: HKU\S-1-5-21-2922760720-4043368837-1713385151-1001 -> DefaultScope {E27A8949-E562-4E02-833A-E8F1403C6750} URL = hxxp://www.global-pl.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2922760720-4043368837-1713385151-1001 -> {E27A8949-E562-4E02-833A-E8F1403C6750} URL = hxxp://www.global-pl.com/search?q={searchTerms}
FirewallRules: [{3D1272F9-8CC4-4A23-9608-443646FF152E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Brak pliku
FirewallRules: [{915DD4EA-7E10-44F1-836E-3DC45AFFC9AA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Brak pliku
FirewallRules: [{CE380615-7967-48E9-B065-946ACD3CB198}] => (Allow) C:\Users\Admin\AppData\Roaming\Zoom\bin\airhost.exe => Brak pliku
FirewallRules: [{4DDEDB65-E101-40CA-BA1E-9D65D6CD00C9}] => (Allow) C:\Users\Admin\AppData\Roaming\Zoom\bin\airhost.exe => Brak pliku
FirewallRules: [TCP Query User{30EAC5C5-2B7E-4445-A78D-5D84478D62EE}C:\users\admin\desktop\sdi\sdi_x64_r2102.exe] => (Allow) C:\users\admin\desktop\sdi\sdi_x64_r2102.exe => Brak pliku
FirewallRules: [UDP Query User{225DB41A-7AF0-405F-AC5D-42C740F93B96}C:\users\admin\desktop\sdi\sdi_x64_r2102.exe] => (Allow) C:\users\admin\desktop\sdi\sdi_x64_r2102.exe => Brak pliku
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2021-05-19]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (Brak pliku)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Task: {E3A9D93F-56F5-498C-94F6-89319B4AB45A} - System32\Tasks\ByteFence => c:\program files\bytefence\ByteFence.exe <==== UWAGA
RemoveDirectory: c:\program files\bytefence
Task: {B039A52D-73D0-42A6-9FC1-85F3030233C0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {350BFACD-3656-4265-AEA8-4CE2AE0E1123} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Edge HomeButtonPage: HKU\S-1-5-21-2922760720-4043368837-1713385151-1001 -> hxxp://www.global-pl.com/
FF Homepage: Mozilla\Firefox\Profiles\6z2zwmem.default-release -> hxxp://www.global-pl.com/
CHR HomePage: Default -> hxxp://www.global-pl.com/
CHR StartupUrls: Default -> "hxxp://www.global-pl.com/"
CHR DefaultSearchURL: Default -> hxxps://pl.search.yahoo.com/search?fr=mcafee_uninternational&type=E210PL91105G0&p={searchTerms}
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-05-19]
C:\WINDOWS\Minidump\*.dmp
RemoveDirectory: C:\ProgramData\boost_interprocess
HOSTS:
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
*****************

HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono
"HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => pomyślnie usunięto
HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E27A8949-E562-4E02-833A-E8F1403C6750} => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D1272F9-8CC4-4A23-9608-443646FF152E}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{915DD4EA-7E10-44F1-836E-3DC45AFFC9AA}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CE380615-7967-48E9-B065-946ACD3CB198}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4DDEDB65-E101-40CA-BA1E-9D65D6CD00C9}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{30EAC5C5-2B7E-4445-A78D-5D84478D62EE}C:\users\admin\desktop\sdi\sdi_x64_r2102.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{225DB41A-7AF0-405F-AC5D-42C740F93B96}C:\users\admin\desktop\sdi\sdi_x64_r2102.exe" => pomyślnie usunięto
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => pomyślnie usunięto
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk => pomyślnie przeniesiono
"ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (Brak pliku)" => nie znaleziono
HKLM\SOFTWARE\Policies\Mozilla => pomyślnie usunięto
HKLM\SOFTWARE\Policies\Google => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E3A9D93F-56F5-498C-94F6-89319B4AB45A}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3A9D93F-56F5-498C-94F6-89319B4AB45A}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\ByteFence => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence" => pomyślnie usunięto
"c:\program files\bytefence" => nie znaleziono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B039A52D-73D0-42A6-9FC1-85F3030233C0}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B039A52D-73D0-42A6-9FC1-85F3030233C0}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{350BFACD-3656-4265-AEA8-4CE2AE0E1123}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{350BFACD-3656-4265-AEA8-4CE2AE0E1123}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\Avast Emergency Update => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Emergency Update" => pomyślnie usunięto
"HKU\S-1-5-21-2922760720-4043368837-1713385151-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage" => pomyślnie usunięto
"Firefox homepage" => pomyślnie usunięto
"Chrome HomePage" => pomyślnie usunięto
"Chrome StartupUrls" => pomyślnie usunięto
"Chrome DefaultSearchURL" => pomyślnie usunięto
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-05-19] => Błąd: Nie znaleziono automatycznej naprawy dla tego wejścia.

=========== "C:\WINDOWS\Minidump\*.dmp" ==========

C:\WINDOWS\Minidump\051921-55046-01.dmp => pomyślnie przeniesiono
C:\WINDOWS\Minidump\051921-66718-01.dmp => pomyślnie przeniesiono
C:\WINDOWS\Minidump\051921-79484-01.dmp => pomyślnie przeniesiono
C:\WINDOWS\Minidump\051921-79906-01.dmp => pomyślnie przeniesiono
C:\WINDOWS\Minidump\051921-84578-01.dmp => pomyślnie przeniesiono

========= Koniec -> "C:\WINDOWS\Minidump\*.dmp" ========

"C:\ProgramData\boost_interprocess" => pomyślnie usunięto
C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono
Hosts pomyślnie przywrócono.

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========

wevtutil : Failed to clear log Microsoft-Windows-LiveId/Analytic.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+                               ~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (Failed to clear...iveId/Analytic.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

Odmowa dostępu.
wevtutil : Failed to clear log Microsoft-Windows-LiveId/Operational.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+                               ~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (Failed to clear...Id/Operational.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

Odmowa dostępu.
wevtutil : Failed to clear log Microsoft-Windows-USBVideo/Analytic.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+                               ~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (Failed to clear...Video/Analytic.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

Przekazana nazwa wystąpienia nie została uznana przez dostawcę danych WMI za prawidłową.

========= Koniec 3 Powershell: =========

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 41217525 B
Java, Flash, Steam htmlcache => 50895251 B
Windows/system/drivers => 27200915 B
Edge => 35328 B
Chrome => 10186651 B
Firefox => 7615290 B
Opera => 138619947 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 125160 B
NetworkService => 125160 B
Admin => 954229222 B

RecycleBin => 356557 B
EmptyTemp: => 1.2 GB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec 3 Fixlog 12:25:08 ====