Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 20-06-2021 Uruchomiony przez Radar (20-06-2021 15:50:45) Run:1 Uruchomiony z D:\Programy\7. Antywirus\FRST Załadowane profile: Radar & DefaultAppPool Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X] HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver" HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" HKLM\...\StartupApproved\Run32: => "CsrAudioguiCtrl" HKLM\...\StartupApproved\Run32: => "CSRHarmonySkypePlugin" HKLM\...\StartupApproved\Run32: => "CsrHCRPServer" HKLM\...\StartupApproved\Run32: => "CsrSyncMLServer" HKLM\...\StartupApproved\Run32: => "HarmonyUserStartup" HKLM\...\StartupApproved\Run32: => "TrayApplication" HKLM\...\StartupApproved\Run32: => "vksts" HKLM\...\StartupApproved\Run32: => "vmware-tray.exe" HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\...\StartupApproved\Run: => "CCXProcess" HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\...\StartupApproved\Run: => "RaiDrive" HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <==== UWAGA HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\...\Policies\Explorer: [NoPreviewPane] 0 HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\...\MountPoints2: E - "E:\setup.EXE" /AUTORUN 
HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\...\MountPoints2: {34411498-a200-11eb-9c92-bc542f5f99ce} - "G:\AutoRun.exe" GroupPolicy: Ograniczenia ? <==== UWAGA Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA HKLM\SOFTWARE\Policies\Microsoft\Edge: Ograniczenia <==== UWAGA HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\SOFTWARE\Policies\Microsoft\Edge: Ograniczenia <==== UWAGA Edge Extension: (Brak nazwy) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nie znaleziono] Edge Extension: (Brak nazwy) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nie znaleziono] Edge Extension: (Brak nazwy) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nie znaleziono] Edge Extension: (Brak nazwy) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nie znaleziono] DeleteKey: HKCU\Software\Mozilla DeleteKey: HKLM\SOFTWARE\Google DeleteKey: HKLM\SOFTWARE\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Wow6432Node\Google DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins C:\Users\Radar\AppData\Roaming\system32 C:\Users\Radar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FlashPeak Slimjet (64 bit).lnk Folder: C:\WINDOWS\c Folder: C:\WINDOWS\w Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. 
HKLM\System\CurrentControlSet\Services\amsdk => pomyślnie usunięto amsdk => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => pomyślnie usunięto HKLM\System\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => pomyślnie usunięto "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsDefender" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\CsrAudioguiCtrl" => pomyślnie usunięto "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CsrAudioguiCtrl" => nie znaleziono "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\CSRHarmonySkypePlugin" => pomyślnie usunięto "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CSRHarmonySkypePlugin" => nie znaleziono "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\CsrHCRPServer" => pomyślnie usunięto "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CsrHCRPServer" => nie znaleziono "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\CsrSyncMLServer" => pomyślnie usunięto "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CsrSyncMLServer" => nie znaleziono "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\HarmonyUserStartup" => pomyślnie usunięto "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HarmonyUserStartup" => nie znaleziono "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\TrayApplication" => pomyślnie usunięto "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TrayApplication" => nie znaleziono "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\vksts" => pomyślnie usunięto "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vksts" => nie znaleziono "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\vmware-tray.exe" => 
pomyślnie usunięto "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vmware-tray.exe" => nie znaleziono "HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\CCXProcess" => pomyślnie usunięto "HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CCXProcess" => nie znaleziono "HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\RaiDrive" => pomyślnie usunięto "HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RaiDrive" => nie znaleziono "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRecentDocsNetHood" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu" => pomyślnie usunięto HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore => pomyślnie usunięto HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => pomyślnie usunięto "HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoPreviewPane" => pomyślnie usunięto "HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu" => pomyślnie usunięto "HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar" => pomyślnie usunięto "HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu" => pomyślnie usunięto HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => pomyślnie usunięto HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34411498-a200-11eb-9c92-bc542f5f99ce} => pomyślnie usunięto 
C:\WINDOWS\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\WINDOWS\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => pomyślnie przeniesiono C:\ProgramData\NTUSER.pol => pomyślnie przeniesiono HKLM\SOFTWARE\Policies\Microsoft\Edge => pomyślnie usunięto HKU\S-1-5-21-3062910227-2173904043-3200923844-1001\SOFTWARE\Policies\Microsoft\Edge => pomyślnie usunięto HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => pomyślnie usunięto HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => pomyślnie usunięto HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => pomyślnie usunięto HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => pomyślnie usunięto HKCU\Software\Mozilla => pomyślnie usunięto "HKLM\SOFTWARE\Google" => pomyślnie usunięto HKLM\SOFTWARE\MozillaPlugins => pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\Google => pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => pomyślnie usunięto C:\Users\Radar\AppData\Roaming\system32 => pomyślnie przeniesiono C:\Users\Radar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FlashPeak Slimjet (64 bit).lnk => pomyślnie przeniesiono ========================= Folder: C:\WINDOWS\c ======================== 2019-11-04 06:20 - 2019-11-04 06:20 - 000596992 
____A [0AD6569F9F6A439E4AA122CE82DA7080] (curl, https://curl.haxx.se/) C:\WINDOWS\c\cu.exe ====== Koniec Folder: ====== ========================= Folder: C:\WINDOWS\w ======================== 2008-09-04 00:49 - 2008-09-04 00:49 - 001177600 ____A [6B854FFC12E5E2C32683A03714CF6C5D] (GnuWin32 ) C:\WINDOWS\w\libeay32.dll 2008-03-15 02:21 - 2008-03-15 02:21 - 001008128 ____A [E0DC8C6BBC787B972A9A468648DBFD85] (GnuWin32 ) C:\WINDOWS\w\libiconv2.dll 2005-05-06 23:52 - 2005-05-06 23:52 - 000103424 ____A [D202BAA425176287017FFE1FB5D1B77C] (GNU ) C:\WINDOWS\w\libintl3.dll 2008-09-04 00:49 - 2008-09-04 00:49 - 000232960 ____A [37580B9354E984BF7C1A2B4ED7FA824B] (GnuWin32 ) C:\WINDOWS\w\libssl32.dll 2008-12-31 17:03 - 2008-12-31 17:03 - 000449024 ____A [AA173375C21EA31B8CC615DCCB54E43B] (GnuWin32 ) C:\WINDOWS\w\w.exe ====== Koniec Folder: ====== ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} ========= wevtutil : Failed to clear log Microsoft-Windows-LiveId/Analytic. At C:\FRST\tmp.ps1:1 char:31 + wevtutil el | Foreach-Object {wevtutil cl "$_"} + ~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (Failed to clear...iveId/Analytic.:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError Odmowa dostępu. wevtutil : Failed to clear log Microsoft-Windows-LiveId/Operational. At C:\FRST\tmp.ps1:1 char:31 + wevtutil el | Foreach-Object {wevtutil cl "$_"} + ~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (Failed to clear...Id/Operational.:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError Odmowa dostępu. wevtutil : Failed to clear log Microsoft-Windows-USBVideo/Analytic. At C:\FRST\tmp.ps1:1 char:31 + wevtutil el | Foreach-Object {wevtutil cl "$_"} + ~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (Failed to clear...Video/Analytic.:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError Przekazana nazwa wystąpienia nie została uznana przez dostawcę danych WMI za prawidłową. 
========= Koniec Powershell: ========= =========== EmptyTemp: ========== BITS transfer queue => 9461760 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9589701 B Java, Flash, Steam htmlcache => 343 B Windows/system/drivers => 7880 B Edge => 17408 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 0 B Radar => 3577378 B DefaultAppPool => 3577378 B RecycleBin => 2940 B EmptyTemp: => 25 MB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 15:51:12 ====