Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 28-12-2019
Uruchomiony przez dudimek (30-12-2019 19:21:17) Run:1
Uruchomiony z C:\Users\dudimek\Desktop
Załadowane profile: dudimek (Dostępne profile: dudimek)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-1406169887-4253107244-1405716791-1002\...\MountPoints2: {5d428a85-ed6c-11e7-87e0-309c230f0505} - "G:\autorun.exe"
Task: {37240456-8654-41E2-9BE1-5B59C9465B63} - System32\Tasks\Chromium nemic => C:\Windows\system32\wscript.exe "C:\ProgramData\{38C5FDA6-B287-7760-3441-E922AE0362EC}\tera.txt" "68747470733a2f2f6b6174756e61712e636f6d" "433a5c50726f6772616d446174615c7b33384335464441362d423238372d373736302d333434312d4539323241453033363245437d5c66616c696d69" "433a5c50726f6772616d446174615c7b33384335464441362d423238372d373736302d (dane wartości zawierają 84 znaków więcej). <==== UWAGA
Task: {E9AF580E-700C-40A5-9257-1A17086F97DE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Tcpip\..\Interfaces\{36bba572-544e-45e5-ae3b-c063581aca74}: [DhcpNameServer] 192.168.7.1 195.189.88.11 194.204.152.34
Tcpip\..\Interfaces\{a8e88b06-d2ff-457e-8935-b1caa3d223c8}: [DhcpNameServer] 192.168.7.1 8.8.8.8 194.204.152.34
HKU\S-1-5-21-1406169887-4253107244-1405716791-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.pl/?gws_rd=ssl
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Internet Security\Engine\22.19.9.63\Exts\Chrome.crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Internet Security\Engine\22.19.9.63\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
AlternateDataStreams: C:\Users\dudimek\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\Public\AppData:CSM [464]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [476]
FirewallRules: [UDP Query User{774315B2-197C-4847-A062-57F342E47F91}C:\users\dudimek\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\dudimek\appdata\local\gamecenter\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [TCP Query User{2AF9AA96-4782-4047-A2A9-478B7425E03C}C:\users\dudimek\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\dudimek\appdata\local\gamecenter\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [UDP Query User{D2D9E001-3CE9-4D12-AF51-1D407102028A}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe Brak pliku
FirewallRules: [TCP Query User{2F5ADA9F-FF86-4ED6-B84A-3C6E6D3AE356}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe Brak pliku
FirewallRules: [UDP Query User{459CA9DB-6882-4D31-9568-875CA6DD86E5}D:\gry\fortninte\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\gry\fortninte\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe Brak pliku
FirewallRules: [TCP Query User{28AB681A-77B6-42FF-80B0-5B6D045538DF}D:\gry\fortninte\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\gry\fortninte\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe Brak pliku
FirewallRules: [UDP Query User{F80C5FA3-9611-4B13-934E-AAE315F4E48A}C:\users\dudimek\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\dudimek\appdata\local\mycomgames\mycomgames.exe (Mail.Ru, LLC -> MY.COM B.V.)
FirewallRules: [TCP Query User{9B122546-00A2-4AA1-B056-7E74F4638FE6}C:\users\dudimek\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\dudimek\appdata\local\mycomgames\mycomgames.exe (Mail.Ru, LLC -> MY.COM B.V.)
FirewallRules: [{1A154949-C76C-47FB-BAA7-B3BD6568DA4B}] => (Allow) D:\Gry\Sims 4\The Sims 4\Game\Bin\TS4.exe Brak pliku
FirewallRules: [{CACBC4B9-D1C8-4260-B50B-1F2A909D6C30}] => (Allow) D:\Gry\Sims 4\The Sims 4\Game\Bin\TS4.exe Brak pliku
FirewallRules: [{52157EB5-FFC8-4661-B5E0-D58FEB290FE4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe Brak pliku
FirewallRules: [{602579FF-F44A-4D17-9C53-6DA2A5409564}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe Brak pliku
FirewallRules: [{871EA9F8-2818-4A10-BBAB-36B3968414A5}] => (Allow) LPort=2869
FirewallRules: [{C02C6EF7-FC78-438D-A122-D826E3861F87}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{CEC9BACC-37D5-4FD2-B9C1-6BE6E26A00F2}D:\gry\fortninte\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) D:\gry\fortninte\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe Brak pliku
FirewallRules: [UDP Query User{FC149A75-8F4D-473D-A8FB-2418D309CE0D}D:\gry\fortninte\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) D:\gry\fortninte\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe Brak pliku
FirewallRules: [{8DA1EF43-A2DB-4210-99CC-3D5511BFC81A}] => (Allow) LPort=1542
FirewallRules: [{A9EF3A4B-98A5-425F-9657-89BC9EAE3E98}] => (Allow) LPort=1542
FirewallRules: [{BE35FC82-1BCC-4642-83E8-6D85E4A7912E}] => (Allow) LPort=53
FirewallRules: [{B8C7D4B3-CBD2-40F5-BF99-A8B7F74F09D2}] => (Allow) LPort=53
FirewallRules: [TCP Query User{BCC19772-60D3-4986-A73B-C9DED61DF41E}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe Brak pliku
FirewallRules: [UDP Query User{EC60177D-0BF2-4FF6-B8CE-B6621D0A95E0}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe Brak pliku
FirewallRules: [TCP Query User{BC4D5303-DF15-41F2-9D47-CC073CFED5CA}C:\users\dudimek\appdata\local\gamecenter\gamecenter.exe] => (Block) C:\users\dudimek\appdata\local\gamecenter\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [UDP Query User{8D65182F-6B27-4CDB-8AB5-8E61D67F6F5D}C:\users\dudimek\appdata\local\gamecenter\gamecenter.exe] => (Block) C:\users\dudimek\appdata\local\gamecenter\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [TCP Query User{3904EAA2-2A85-4389-BF7E-5B909C2CF60A}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [UDP Query User{5113ACA0-4BA6-429E-9516-45EEA58969E9}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [{A4E90543-B888-48B7-B686-83A93CB05D02}] => (Allow) D:\Gry\Sims 4\The Sims 4\Game\Bin\TS4.exe Brak pliku
FirewallRules: [{040C8361-8772-4B90-B751-EDBD1BE2E1E6}] => (Allow) D:\Gry\Sims 4\The Sims 4\Game\Bin\TS4.exe Brak pliku
Hosts:
RemoveProxy:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => pomyślnie usunięto
HKU\S-1-5-21-1406169887-4253107244-1405716791-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d428a85-ed6c-11e7-87e0-309c230f0505} => pomyślnie usunięto
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37240456-8654-41E2-9BE1-5B59C9465B63} => pomyślnie usunięto
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37240456-8654-41E2-9BE1-5B59C9465B63} => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\Chromium nemic => pomyślnie przeniesiono
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chromium nemic => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E9AF580E-700C-40A5-9257-1A17086F97DE}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9AF580E-700C-40A5-9257-1A17086F97DE}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{36bba572-544e-45e5-ae3b-c063581aca74}\\DhcpNameServer" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a8e88b06-d2ff-457e-8935-b1caa3d223c8}\\DhcpNameServer" => pomyślnie usunięto
HKU\S-1-5-21-1406169887-4253107244-1405716791-1002\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => pomyślnie usunięto
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => pomyślnie usunięto
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => pomyślnie usunięto
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => pomyślnie usunięto
C:\Users\dudimek\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS niepowodzenie przy usuwaniu.
C:\Users\Public\AppData => ":CSM" ADS pomyślnie usunięto
C:\Users\Public\Shared Files => ":VersionCache" ADS pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{774315B2-197C-4847-A062-57F342E47F91}C:\users\dudimek\appdata\local\gamecenter\gamecenter.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2AF9AA96-4782-4047-A2A9-478B7425E03C}C:\users\dudimek\appdata\local\gamecenter\gamecenter.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D2D9E001-3CE9-4D12-AF51-1D407102028A}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2F5ADA9F-FF86-4ED6-B84A-3C6E6D3AE356}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{459CA9DB-6882-4D31-9568-875CA6DD86E5}D:\gry\fortninte\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{28AB681A-77B6-42FF-80B0-5B6D045538DF}D:\gry\fortninte\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F80C5FA3-9611-4B13-934E-AAE315F4E48A}C:\users\dudimek\appdata\local\mycomgames\mycomgames.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9B122546-00A2-4AA1-B056-7E74F4638FE6}C:\users\dudimek\appdata\local\mycomgames\mycomgames.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1A154949-C76C-47FB-BAA7-B3BD6568DA4B}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CACBC4B9-D1C8-4260-B50B-1F2A909D6C30}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{52157EB5-FFC8-4661-B5E0-D58FEB290FE4}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{602579FF-F44A-4D17-9C53-6DA2A5409564}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{871EA9F8-2818-4A10-BBAB-36B3968414A5}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C02C6EF7-FC78-438D-A122-D826E3861F87}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CEC9BACC-37D5-4FD2-B9C1-6BE6E26A00F2}D:\gry\fortninte\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FC149A75-8F4D-473D-A8FB-2418D309CE0D}D:\gry\fortninte\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8DA1EF43-A2DB-4210-99CC-3D5511BFC81A}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A9EF3A4B-98A5-425F-9657-89BC9EAE3E98}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BE35FC82-1BCC-4642-83E8-6D85E4A7912E}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B8C7D4B3-CBD2-40F5-BF99-A8B7F74F09D2}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BCC19772-60D3-4986-A73B-C9DED61DF41E}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EC60177D-0BF2-4FF6-B8CE-B6621D0A95E0}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BC4D5303-DF15-41F2-9D47-CC073CFED5CA}C:\users\dudimek\appdata\local\gamecenter\gamecenter.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8D65182F-6B27-4CDB-8AB5-8E61D67F6F5D}C:\users\dudimek\appdata\local\gamecenter\gamecenter.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3904EAA2-2A85-4389-BF7E-5B909C2CF60A}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5113ACA0-4BA6-429E-9516-45EEA58969E9}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4E90543-B888-48B7-B686-83A93CB05D02}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{040C8361-8772-4B90-B751-EDBD1BE2E1E6}" => pomyślnie usunięto
C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono
Hosts pomyślnie przywrócono.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto
"HKU\S-1-5-21-1406169887-4253107244-1405716791-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
"HKU\S-1-5-21-1406169887-4253107244-1405716791-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto

========= Koniec RemoveProxy: =========

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 356280817 B
Java, Flash, Steam htmlcache => 320222968 B
Windows/system/drivers => 0 B
Edge => 3447368 B
Chrome => 1087100 B
Firefox => 19065033 B
Opera => 478091367 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 41400 B
NetworkService => 41400 B
dudimek => 1611044 B

RecycleBin => 2132057 B
EmptyTemp: => 1.1 GB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 19:22:49 ====