Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 15-07-2019 01 Uruchomiony przez Ewa (17-07-2019 17:18:00) Run:1 Uruchomiony z C:\Users\Ewa\Desktop\Nowy folder Załadowane profile: Ewa (Dostępne profile: Ewa) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** Reg: reg query HKLM\SYSTEM\CurrentControlSet\services\Winmgmt /s Task: {174D3115-149D-4B5C-AA1C-F2F70520F76D} - System32\Tasks\{1C4A296F-2CA0-EDD6-E0C7-761856BD0247} => C:\Users\Ewa\AppData\Roaming\{1C4A2~1\SYNHEL~1 [Argument = /Check] Task: C:\Windows\Tasks\{1C4A296F-2CA0-EDD6-E0C7-761856BD0247}.job => C:\Users\Ewa\AppData\Roaming\{1C4A2~1\SYNHEL~1/CheckEWA\Ewa0֠< <==== UWAGA HKU\S-1-5-21-1540272699-3277271125-2178347195-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Evercine\Application\chrome.exe <==== UWAGA BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => Brak pliku HKLM-x32\...\Run: [] => [X] RemoveDirectory: C:\Program Files (x86)\Evercine S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\C:\OA30\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X] FirewallRules: [{CF8ABB8F-9BF2-4545-A6A9-004F607B5732}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe Brak pliku FirewallRules: [{1DBAA58D-11E5-4875-B5DE-D0C6500D7219}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe Brak pliku Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gimnazjum część 3\Fizyka.lnk C:\Users\Ewa\Desktop\WSZYSTKO INNE\Avast Free Antivirus.lnk C:\Users\Ewa\Desktop\WSZYSTKO INNE\Avast SafeZone Browser.lnk C:\Users\Ewa\Desktop\WSZYSTKO INNE\OpenOffice 4.1.2.lnk EmptyTemp: ***************** ========= reg query HKLM\SYSTEM\CurrentControlSet\services\Winmgmt /s ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt DisplayName REG_SZ @%Systemroot%\system32\wbem\wmisvc.dll,-205 ErrorControl REG_DWORD 0x0 ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs Start REG_DWORD 0x2 Type REG_DWORD 0x20 Description REG_SZ @%Systemroot%\system32\wbem\wmisvc.dll,-204 DependOnService REG_MULTI_SZ RPCSS ObjectName REG_SZ localSystem ServiceSidType REG_DWORD 0x1 FailureActions REG_BINARY 805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters ServiceDllUnloadOnStop REG_DWORD 0x1 ServiceMain REG_SZ ServiceMain ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\wbem\WMIsvc.dll ========= Koniec Reg: ========= "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{174D3115-149D-4B5C-AA1C-F2F70520F76D}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{174D3115-149D-4B5C-AA1C-F2F70520F76D}" => pomyślnie usunięto C:\Windows\System32\Tasks\{1C4A296F-2CA0-EDD6-E0C7-761856BD0247} => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1C4A296F-2CA0-EDD6-E0C7-761856BD0247}" => pomyślnie usunięto C:\Windows\Tasks\{1C4A296F-2CA0-EDD6-E0C7-761856BD0247}.job => pomyślnie przeniesiono HKU\S-1-5-21-1540272699-3277271125-2178347195-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML => pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => pomyślnie usunięto HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => pomyślnie usunięto "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => pomyślnie usunięto "C:\Program Files (x86)\Evercine" => pomyślnie usunięto HKLM\System\CurrentControlSet\Services\e1edc438-f640-4184-a443-d2a7c37a01dc => pomyślnie usunięto e1edc438-f640-4184-a443-d2a7c37a01dc => serwis pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CF8ABB8F-9BF2-4545-A6A9-004F607B5732}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1DBAA58D-11E5-4875-B5DE-D0C6500D7219}" => pomyślnie usunięto ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} ========= wevtutil : Failed to clear log Microsoft-Windows-USBVideo/Analytic. Przekazana nazwa wyst╣pienia nie zosta│a uznana prz ez dostawcŕ danych WMI za prawid│ow╣. At C:\FRST\tmp.ps1:1 char:31 + wevtutil el | Foreach-Object {wevtutil cl "$_"} + ~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (Failed to clear... za prawid│ow╣.:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError ========= Koniec Powershell: ========= C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gimnazjum część 3\Fizyka.lnk => pomyślnie przeniesiono C:\Users\Ewa\Desktop\WSZYSTKO INNE\Avast Free Antivirus.lnk => pomyślnie przeniesiono C:\Users\Ewa\Desktop\WSZYSTKO INNE\Avast SafeZone Browser.lnk => pomyślnie przeniesiono C:\Users\Ewa\Desktop\WSZYSTKO INNE\OpenOffice 4.1.2.lnk => pomyślnie przeniesiono =========== EmptyTemp: ========== BITS transfer queue => 12582912 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12066707 B Java, Flash, Steam htmlcache => 2225 B Windows/system/drivers => 35522336 B Edge => 0 B Chrome => 522227616 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 272873 B systemprofile32 => 128 B LocalService => 2270 B NetworkService => 0 B Ewa => 2596811598 B RecycleBin => 4206565098 B EmptyTemp: => 6.9 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 17:21:28 ====