Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 10.02.2019 01 Uruchomiony przez ASKE VRUND (11-02-2019 22:27:51) Run:1 Uruchomiony z F:\frst Załadowane profile: ASKE VRUND (Dostępne profile: ASKE VRUND) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** C:\Program Files (x86)\Common Files\xLaWKoWEQoEN.exe C:\Program Files (x86)\IITOLEIa.exe C:\WINDOWS\aWFIy.exe C:\WINDOWS\EYoifz.exe C:\Program Files (x86)\Common Files\OaBVE.exe 2018-08-06 20:51 - 2018-08-06 20:51 - 007769088 _____ () C:\Users\ASKE VRUND\AppData\Local\agent.dat 2018-08-06 20:51 - 2018-08-06 20:51 - 000070896 _____ () C:\Users\ASKE VRUND\AppData\Local\Config.xml 2018-08-06 20:50 - 2018-08-06 20:51 - 000016080 _____ () C:\Users\ASKE VRUND\AppData\Local\INSTALLATIONCONFIGURATION.del 2018-08-06 20:50 - 2018-08-06 20:50 - 000140800 _____ () C:\Users\ASKE VRUND\AppData\Local\installer.dat 2018-08-06 20:51 - 2018-08-06 20:51 - 000018432 _____ () C:\Users\ASKE VRUND\AppData\Local\MAIN.del 2018-08-06 20:51 - 2018-08-06 20:51 - 000005568 _____ () C:\Users\ASKE VRUND\AppData\Local\md.xml 2018-08-06 20:51 - 2018-08-06 20:51 - 000126464 _____ () C:\Users\ASKE VRUND\AppData\Local\noah.dat 2018-10-01 19:59 - 2018-10-01 19:59 - 000000000 _____ () C:\Users\ASKE VRUND\AppData\Local\oobelibMkey.log 2018-08-06 20:51 - 2018-08-06 20:51 - 000278510 _____ () C:\Users\ASKE VRUND\AppData\Local\OVER-BAM.del 2018-08-06 20:50 - 2018-08-06 20:50 - 001413120 _____ () C:\Users\ASKE VRUND\AppData\Local\sham.db 2018-08-06 20:51 - 2018-08-06 20:51 - 002020969 _____ () C:\Users\ASKE VRUND\AppData\Local\STIMLEX.del 2018-08-06 20:49 - 2018-08-06 20:51 - 000000003 _____ () C:\Users\ASKE VRUND\AppData\Local\wbem.ini Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} Task: {2BE187DE-AD56-476C-BEBA-29F18A657989} - \Lenovo\ImController\TimeBasedEvents\dfc4f3eb-7d98-4bc1-95fc-79c342f53006 -> Brak pliku <==== UWAGA Task: {A37CD72D-A574-4DE3-B83B-52B7FA69970A} - \Lenovo\ImController\TimeBasedEvents\2c5b1231-88d9-4b93-995e-903e0f987eae -> Brak pliku <==== UWAGA FirewallRules: [{12EC1F2D-D32A-43DC-BCB0-B3350350F64C}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{48A9A353-C308-4B92-B4EB-33E16BFF5025}] => (Allow) C:\WINDOWS\EYoifz.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{8C9F0E82-F8AC-468D-AB6E-840211A9BFC2}] => (Allow) C:\WINDOWS\aWFIy.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{DBA21A73-205A-41D5-A2AF-A210281CD746}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{707113BE-AD64-4059-9F7F-2D3F585C3875}] => (Allow) C:\Program Files (x86)\IITOLEIa.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{516FAE60-7A64-46F1-976C-EE5C003465CE}] => (Allow) C:\Program Files (x86)\Common Files\xLaWKoWEQoEN.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{20BDC3B3-7E3C-4002-9C68-D5BE3EC3F504}] => (Allow) C:\Users\ASKE VRUND\AppData\Roaming\BitTorrent\BitTorrent.exe Brak pliku FirewallRules: [{C53B2F82-7506-48BD-AF9B-00C9AB49F7D0}] => (Allow) C:\Users\ASKE VRUND\AppData\Roaming\BitTorrent\BitTorrent.exe Brak pliku HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - Brak pliku ShellServiceObjects: Brak nazwy -> {59EFE487-E5B8-4fae-9D2C-FCDF0B70CE70} => ShellServiceObjects-x32: Brak nazwy -> {59EFE487-E5B8-4fae-9D2C-FCDF0B70CE70} => SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - Brak pliku cHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA BHO: Brak nazwy -> {BAA31A35-DDC9-488F-864E-7FF705D4DDBD} -> Brak pliku BHO: Brak nazwy -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> Brak pliku EmptyTemp: ***************** C:\Program Files (x86)\Common Files\xLaWKoWEQoEN.exe => pomyślnie przeniesiono C:\Program Files (x86)\IITOLEIa.exe => pomyślnie przeniesiono C:\WINDOWS\aWFIy.exe => pomyślnie przeniesiono C:\WINDOWS\EYoifz.exe => pomyślnie przeniesiono C:\Program Files (x86)\Common Files\OaBVE.exe => pomyślnie przeniesiono C:\Users\ASKE VRUND\AppData\Local\agent.dat => pomyślnie przeniesiono C:\Users\ASKE VRUND\AppData\Local\Config.xml => pomyślnie przeniesiono C:\Users\ASKE VRUND\AppData\Local\INSTALLATIONCONFIGURATION.del => pomyślnie przeniesiono C:\Users\ASKE VRUND\AppData\Local\installer.dat => pomyślnie przeniesiono C:\Users\ASKE VRUND\AppData\Local\MAIN.del => pomyślnie przeniesiono C:\Users\ASKE VRUND\AppData\Local\md.xml => pomyślnie przeniesiono C:\Users\ASKE VRUND\AppData\Local\noah.dat => pomyślnie przeniesiono C:\Users\ASKE VRUND\AppData\Local\oobelibMkey.log => pomyślnie przeniesiono C:\Users\ASKE VRUND\AppData\Local\OVER-BAM.del => pomyślnie przeniesiono C:\Users\ASKE VRUND\AppData\Local\sham.db => pomyślnie przeniesiono C:\Users\ASKE VRUND\AppData\Local\STIMLEX.del => pomyślnie przeniesiono C:\Users\ASKE VRUND\AppData\Local\wbem.ini => pomyślnie przeniesiono ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} ========= ========= Koniec Powershell: ========= "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BE187DE-AD56-476C-BEBA-29F18A657989}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BE187DE-AD56-476C-BEBA-29F18A657989}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\dfc4f3eb-7d98-4bc1-95fc-79c342f53006" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A37CD72D-A574-4DE3-B83B-52B7FA69970A}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A37CD72D-A574-4DE3-B83B-52B7FA69970A}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\2c5b1231-88d9-4b93-995e-903e0f987eae" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12EC1F2D-D32A-43DC-BCB0-B3350350F64C}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{48A9A353-C308-4B92-B4EB-33E16BFF5025}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C9F0E82-F8AC-468D-AB6E-840211A9BFC2}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DBA21A73-205A-41D5-A2AF-A210281CD746}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{707113BE-AD64-4059-9F7F-2D3F585C3875}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{516FAE60-7A64-46F1-976C-EE5C003465CE}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{20BDC3B3-7E3C-4002-9C68-D5BE3EC3F504}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C53B2F82-7506-48BD-AF9B-00C9AB49F7D0}" => pomyślnie usunięto HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA => pomyślnie przywrócono "HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck" => pomyślnie usunięto HKLM\Software\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} => nie znaleziono "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{59EFE487-E5B8-4fae-9D2C-FCDF0B70CE70}" => pomyślnie usunięto HKLM\Software\Classes\CLSID\{59EFE487-E5B8-4fae-9D2C-FCDF0B70CE70} => nie znaleziono "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{59EFE487-E5B8-4fae-9D2C-FCDF0B70CE70}" => pomyślnie usunięto HKLM\Software\WOW6432Node\Classes\CLSID\{59EFE487-E5B8-4fae-9D2C-FCDF0B70CE70} => nie znaleziono "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck" => pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} => nie znaleziono HKLM\SOFTWARE\Policies\Google => pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAA31A35-DDC9-488F-864E-7FF705D4DDBD} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{BAA31A35-DDC9-488F-864E-7FF705D4DDBD} => nie znaleziono HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} => nie znaleziono =========== EmptyTemp: ========== BITS transfer queue => 10772480 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 756056130 B Java, Flash, Steam htmlcache => 1154 B Windows/system/drivers => 4531552 B Edge => 1634389 B Chrome => 297311291 B Firefox => 1091963917 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 44902 B LocalService => 0 B NetworkService => 5630 B NetworkService => 0 B ASKE VRUND => 54397089 B RecycleBin => 109 B EmptyTemp: => 2.1 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 22:31:29 ====