Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 26-06-2021
Uruchomiony przez HENIEK (29-06-2021 15:15:26) Run:2
Uruchomiony z C:\Users\HENIEK\Desktop
Załadowane profile: HENIEK
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
SearchScopes: HKU\S-1-5-21-2151365465-1355736445-339537121-1001 -> {B6A86CBC-E4BB-4FCE-9D42-DCE202AB3CFE} URL =
BHO: Brak nazwy -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Brak pliku
SearchScopes: HKU\S-1-5-21-2151365465-1355736445-339537121-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=14 ... FB05436&q={searchTerms}
HKU\S-1-5-21-2151365465-1355736445-339537121-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=143341 ... J9JFB05436
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=14 ... FB05436&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=14 ... FB05436&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=143341 ... J9JFB05436
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=143341 ... J9JFB05436
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=14 ... FB05436&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=14 ... FB05436&q={searchTerms}
FirewallRules: [{4F85CE37-9289-4B13-A14C-1D038AC600C2}] => (Allow) C:\Program Files (x86)\Opera\opera.exe => Brak pliku
FirewallRules: [{28816FE1-F416-4D45-8643-FC64CDB79F88}] => (Allow) C:\Program Files (x86)\Opera\opera.exe => Brak pliku
FirewallRules: [{C14038F1-AE77-4155-8F1C-7AC2AC9B25B5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe => Brak pliku
FirewallRules: [{7054EA68-D9C4-46DA-A2F0-5D57ED672F9C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe => Brak pliku
FirewallRules: [{19F4A53C-38D5-428B-9ACE-EBBE47BEB238}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe => Brak pliku
FirewallRules: [{19F3FA68-F5EF-442B-849F-89F280FE90C2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe => Brak pliku
FirewallRules: [{086AFD48-A698-4CE6-AEF3-5534F78776F1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe => Brak pliku
FirewallRules: [{60EF84ED-FF1F-4834-B45D-72146A9F9945}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe => Brak pliku
FirewallRules: [{C545ADD9-8F8E-4651-BC10-9C3D61787604}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe => Brak pliku
FirewallRules: [{3464C986-1E9C-4B36-BD65-8B75CFC489CA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe => Brak pliku
FirewallRules: [TCP Query User{D884E502-12CC-430B-9DA7-10FE50230AAF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => Brak pliku
FirewallRules: [UDP Query User{3BDF8FC6-7D05-400C-B0DB-88272D1A49BE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => Brak pliku
FirewallRules: [TCP Query User{0570A3A9-E1C3-43C7-A75D-24832F97EC65}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe => Brak pliku
HKU\S-1-5-21-2151365465-1355736445-339537121-1001\...\RunOnce: [Application Restart #3] => C:\Users\HENIEK\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [9581800 2020-12-04] (Pokki, Inc. -> Pokki)
HKU\S-1-5-21-2151365465-1355736445-339537121-1001\...\RunOnce: [Application Restart #2] => C:\Users\HENIEK\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [9581800 2020-12-04] (Pokki, Inc. -> Pokki)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Task: {D4452AD3-92A9-49B8-9008-E36DE06C9E0D} - System32\Tasks\SweetLabs App Platform => C:\Users\HENIEK\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [10650856 2020-12-04] (Pokki, Inc. -> Pokki)
RemoveDirectory: C:\Users\HENIEK\Desktop\FRST-OlderVersion
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
*****************

HKU\S-1-5-21-2151365465-1355736445-339537121-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B6A86CBC-E4BB-4FCE-9D42-DCE202AB3CFE} => pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => pomyślnie usunięto
HKU\S-1-5-21-2151365465-1355736445-339537121-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => pomyślnie usunięto
HKU\S-1-5-21-2151365465-1355736445-339537121-1001\Software\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => Wartość pomyślnie przywrócono
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => Wartość pomyślnie przywrócono
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F85CE37-9289-4B13-A14C-1D038AC600C2}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{28816FE1-F416-4D45-8643-FC64CDB79F88}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C14038F1-AE77-4155-8F1C-7AC2AC9B25B5}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7054EA68-D9C4-46DA-A2F0-5D57ED672F9C}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{19F4A53C-38D5-428B-9ACE-EBBE47BEB238}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{19F3FA68-F5EF-442B-849F-89F280FE90C2}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{086AFD48-A698-4CE6-AEF3-5534F78776F1}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{60EF84ED-FF1F-4834-B45D-72146A9F9945}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C545ADD9-8F8E-4651-BC10-9C3D61787604}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3464C986-1E9C-4B36-BD65-8B75CFC489CA}" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D884E502-12CC-430B-9DA7-10FE50230AAF}C:\program files (x86)\skype\phone\skype.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3BDF8FC6-7D05-400C-B0DB-88272D1A49BE}C:\program files (x86)\skype\phone\skype.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0570A3A9-E1C3-43C7-A75D-24832F97EC65}C:\program files (x86)\skype\phone\skype.exe" => pomyślnie usunięto
"HKU\S-1-5-21-2151365465-1355736445-339537121-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #3" => pomyślnie usunięto
"HKU\S-1-5-21-2151365465-1355736445-339537121-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #2" => pomyślnie usunięto
HKLM\SOFTWARE\Policies\Mozilla => pomyślnie usunięto
HKLM\SOFTWARE\Policies\Google => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D4452AD3-92A9-49B8-9008-E36DE06C9E0D}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4452AD3-92A9-49B8-9008-E36DE06C9E0D}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\SweetLabs App Platform => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform" => pomyślnie usunięto
"C:\Users\HENIEK\Desktop\FRST-OlderVersion" => nie znaleziono

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========

wevtutil : Failed to clear log Microsoft-Windows-USBVideo/Analytic. Przekazana nazwa wystąpienia nie została uznana przez dostawcę danych WMI za prawidłową.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Failed to clear... za prawidłową.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError

========= Koniec Powershell: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12757714 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 20901 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 393876 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 128 B
NetworkService => 128 B
HENIEK => 3451523 B

RecycleBin => 2629855 B
EmptyTemp: => 26.4 MB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 15:17:54 ====