Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 09.09.2018 Uruchomiony przez Bambus (14-09-2018 17:01:28) Run:2 Uruchomiony z C:\Users\wsad9\Desktop\frst Załadowane profile: Bambus (Dostępne profile: Bambus) Tryb startu: Safe Mode (with Networking) ============================================== fixlist - zawartość: ***************** Task: {73C90C28-57CD-4056-B75C-0B7B19ABBB2C} - System32\Tasks\{47895068-55A8-4792-32CE-5C2D8E29E409} => C:\Program Files (x86)\Common Files\EyOneEMO.exe [2018-04-12] (Microsoft Corporation) Task: {74D898CB-4F9C-45A0-B6FB-3C865BEFE9C9} - System32\Tasks\{1C1B8C26-4D84-3905-7D6D-55E1FCB224C0} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://addfleshitem.com/cl/?guid=d82pfl1ux7ksxmwg3stqtt3wrjlkivvm&prid=1&pid=4_1324_0 Task: {E8690032-C55E-4C0A-9215-6DD5B609FFF0} - System32\Tasks\{F4C944F7-BDC5-F258-0B80-2D43F1F05D35} => C:\WINDOWS\SysWOW64\aUNoRJgRRqaKs.exe [2018-04-12] (Microsoft Corporation) C:\WINDOWS\SysWOW64\aUNoRJgRRqaKs.exe C:\Program Files (x86)\Common Files\EyOneEMO.exe
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} C:\WINDOWS\Minidump\*.dmp HOSTS: 2018-04-12 01:34 - 2018-04-12 01:34 - 000060416 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\EyOneEMO.exe 2018-04-12 01:34 - 2018-04-12 01:34 - 000178688 ____N (Microsoft Corporation) C:\Users\wsad9\AppData\Roaming\pUQyPh.exe 2018-08-09 21:02 - 2018-09-07 21:40 - 000000002 _____ () C:\Users\wsad9\AppData\Local\imw.ini EmptyTemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73C90C28-57CD-4056-B75C-0B7B19ABBB2C}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73C90C28-57CD-4056-B75C-0B7B19ABBB2C}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\{47895068-55A8-4792-32CE-5C2D8E29E409} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\{47895068-55A8-4792-32CE-5C2D8E29E409}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74D898CB-4F9C-45A0-B6FB-3C865BEFE9C9}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74D898CB-4F9C-45A0-B6FB-3C865BEFE9C9}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\{1C1B8C26-4D84-3905-7D6D-55E1FCB224C0} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1C1B8C26-4D84-3905-7D6D-55E1FCB224C0}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E8690032-C55E-4C0A-9215-6DD5B609FFF0}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8690032-C55E-4C0A-9215-6DD5B609FFF0}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\{F4C944F7-BDC5-F258-0B80-2D43F1F05D35} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F4C944F7-BDC5-F258-0B80-2D43F1F05D35}" => pomyślnie usunięto C:\WINDOWS\SysWOW64\aUNoRJgRRqaKs.exe => pomyślnie przeniesiono C:\Program Files (x86)\Common Files\EyOneEMO.exe => pomyślnie przeniesiono
========= wevtutil el | Foreach-Object {wevtutil cl "$_"} ========= ========= Koniec Powershell: ========= =========== "C:\WINDOWS\Minidump\*.dmp" ========== C:\WINDOWS\Minidump\091418-12093-01.dmp => pomyślnie przeniesiono C:\WINDOWS\Minidump\091418-12781-01.dmp => pomyślnie
przeniesiono C:\WINDOWS\Minidump\091418-12937-01.dmp => pomyślnie przeniesiono C:\WINDOWS\Minidump\091418-13062-01.dmp => pomyślnie przeniesiono C:\WINDOWS\Minidump\091418-13171-01.dmp => pomyślnie przeniesiono ========= Koniec -> "C:\WINDOWS\Minidump\*.dmp" ======== C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono Hosts pomyślnie przywrócono. "C:\Program Files (x86)\Common Files\EyOneEMO.exe" => nie znaleziono C:\Users\wsad9\AppData\Roaming\pUQyPh.exe => pomyślnie przeniesiono C:\Users\wsad9\AppData\Local\imw.ini => pomyślnie przeniesiono =========== EmptyTemp: ========== BITS transfer queue => 7888896 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34035178 B Java, Flash, Steam htmlcache => 188929252 B Windows/system/drivers => 382548 B Edge => 3358800 B Chrome => 260213064 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 0 B LocalService => 0 B NetworkService => 49382 B NetworkService => 0 B wsad9 => 52277831 B RecycleBin => 0 B EmptyTemp: => 521.8 MB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 17:01:42 ====