Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 30-09-2020
Uruchomiony przez Mariusz (30-09-2020 17:51:21) Run:1
Uruchomiony z D:\Mariusz\Pobrane
Załadowane profile: Mariusz
Tryb startu: Normal
==============================================
fixlist - zawartość:
*****************
GroupPolicy: Ograniczenia ? <==== UWAGA
Task: {BC84709E-952A-4069-9B82-AA2CA5F45BE0} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {6774E99C-8DD3-4F40-AD73-8D5AE4C3D9BF} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/uninstall.html?aaa=KICMOJMJPMLMKMNJKJNMCNMMKMPMGMCNLMOMGMKJCNHMNJLMOMCNPMJMHMLJMMNJLJKJGMGMHMGMJNJICMHMCNJMCNJMFMOMOMCNKMGMNMCNOMHMMMJMNMFMPMCNPMCNOMHMMMJMMMCNNMJNPICMPMFMFMPMJNHICMEKMICNJJCKJNBJCMCLOJNIGJKIMIFIJNKJCMJNNICMJNDJCMMLFMJNMJCMPMFMPMF (dane wartości zawierają 36 znaków więcej).
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2019-09-10] <==== UWAGA (Linkuje do pliku *.cfg)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2019-09-10] <==== UWAGA
FF ProfilePath: C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\d1c3hmh4.default [2019-06-05]
FF Extension: (eidReader Plugin Extension) - C:\Users\Mariusz\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\kcnofmiceklfkodhdhhjcfjhdepfobaf@unifiedpost.com.xpi [2017-09-19] [UpdateUrl:hxxps://example.com/updates.json]
FF ProfilePath: C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\clzqwop4.default-release [2020-09-28]
FF Extension: (eID Belgium) - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\clzqwop4.default-release\Extensions\belgiumeid@eid.belgium.be.xpi [2020-01-06]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2020-05-04] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-06-25] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2020-05-09] [Przestarzałe] [Brak podpisu cyfrowego]
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
CustomCLSID: HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{32183901-9662-4357-92AD-027F4D313B98}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{3CDEB321-6C62-41F9-BC5C-D34ED036C341}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{416CB673-1B40-4402-8227-484D6BB73FB0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{4C4A2986-79BC-4A5B-9045-8506FEDEFA7D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{6CB7F61C-C111-44DC-90EE-0CED2F362B40}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{7A9C18D8-292F-4099-9078-B695ACD346DC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{8946477B-9945-45D6-ACD8-7EE87314A29D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{96513B98-D60D-4592-9D52-D9C0DF86F6E5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{EC4CAB61-EC98-4114-A58C-C948D06887F3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{EEA7BA38-2C72-4574-9253-8ED7834F5162}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{FB1A762F-156D-4E0C-9C5A-F877A458E472}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll => Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
*****************
C:\WINDOWS\system32\GroupPolicy\Machine => pomyślnie przeniesiono
C:\WINDOWS\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC84709E-952A-4069-9B82-AA2CA5F45BE0}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC84709E-952A-4069-9B82-AA2CA5F45BE0}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateExplorerShellUnelevatedTask" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6774E99C-8DD3-4F40-AD73-8D5AE4C3D9BF}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6774E99C-8DD3-4F40-AD73-8D5AE4C3D9BF}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\Open URL by RoboForm => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open URL by RoboForm" => pomyślnie usunięto
C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js => pomyślnie przeniesiono
C:\Program Files\mozilla firefox\bd_config.cfg => pomyślnie przeniesiono
C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\d1c3hmh4.default => pomyślnie przeniesiono
C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\d1c3hmh4.default => ścieżki pomyślnie usunięto
C:\Users\Mariusz\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\kcnofmiceklfkodhdhhjcfjhdepfobaf@unifiedpost.com.xpi => pomyślnie przeniesiono
C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\clzqwop4.default-release => pomyślnie przeniesiono
C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\clzqwop4.default-release => ścieżki pomyślnie usunięto
"C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\clzqwop4.default-release\Extensions\belgiumeid@eid.belgium.be.xpi" => nie znaleziono
"HKLM\Software\Mozilla\Firefox\Extensions\\bdwtwe@bitdefender.com" => pomyślnie usunięto
Nie można przenieść "C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi" => Zaplanowany do przeniesienia przy restarcie.
"HKLM\Software\Mozilla\Firefox\Extensions\\bdtbe@bitdefender.com" => pomyślnie usunięto
Nie można przenieść "C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi" => Zaplanowany do przeniesienia przy restarcie.
"HKLM\Software\Mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com" => pomyślnie usunięto
"C:\Program Files\Bitdefender\Bitdefender Security\bdtbext" folder - przenoszenie:
Nie można przenieść "C:\Program Files\Bitdefender\Bitdefender Security\bdtbext" => Zaplanowany do przeniesienia przy restarcie.
MBAMChameleon => serwis nie znaleziono.
HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => pomyślnie usunięto
HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{32183901-9662-4357-92AD-027F4D313B98} => pomyślnie usunięto
HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{3CDEB321-6C62-41F9-BC5C-D34ED036C341} => pomyślnie usunięto
HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{416CB673-1B40-4402-8227-484D6BB73FB0} => pomyślnie usunięto
HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{4C4A2986-79BC-4A5B-9045-8506FEDEFA7D} => pomyślnie usunięto
HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{6CB7F61C-C111-44DC-90EE-0CED2F362B40} => pomyślnie usunięto
HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{7A9C18D8-292F-4099-9078-B695ACD346DC} => pomyślnie usunięto
HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => pomyślnie usunięto
HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => pomyślnie usunięto
HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{8946477B-9945-45D6-ACD8-7EE87314A29D} => pomyślnie usunięto
HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{96513B98-D60D-4592-9D52-D9C0DF86F6E5} => pomyślnie usunięto
HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{EC4CAB61-EC98-4114-A58C-C948D06887F3} => pomyślnie usunięto
HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{EEA7BA38-2C72-4574-9253-8ED7834F5162} => pomyślnie usunięto
HKU\S-1-5-21-1833202948-2175999335-1231236414-1001_Classes\CLSID\{FB1A762F-156D-4E0C-9C5A-F877A458E472} => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => pomyślnie usunięto
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => pomyślnie usunięto
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => pomyślnie usunięto
========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========
wevtutil : Failed to clear log Microsoft-Windows-LiveId/Analytic.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Failed to clear...iveId/Analytic.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
Odmowa dostŕpu.
wevtutil : Failed to clear log Microsoft-Windows-LiveId/Operational.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Failed to clear...Id/Operational.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
Odmowa dostŕpu.
wevtutil : Failed to clear log Microsoft-Windows-USBVideo/Analytic.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Failed to clear...Video/Analytic.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
Przekazana nazwa wyst╣pienia nie zosta│a uznana przez dostawcŕ danych WMI za prawid│ow╣.
========= Koniec Powershell: =========
=========== EmptyTemp: ==========
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 125168708 B
Java, Flash, Steam htmlcache => 600490631 B
Windows/system/drivers => 21036416 B
Edge => 3738868 B
Chrome => 500858373 B
Firefox => 192641814 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 265008 B
NetworkService => 674570 B
Mariusz => 220273536 B
RecycleBin => 0 B
EmptyTemp: => 1.6 GB danych tymczasowych Usunięto.
================================
Rezultat przenoszenia plików przy restarcie (Tryb startu: Normal) (Data i godzina: 30-09-2020 17:53:33)
C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi => Nie można przenieść
C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi => Nie można przenieść
C:\Program Files\Bitdefender\Bitdefender Security\bdtbext => Nie można przenieść
==== Koniec Fixlog 17:53:33 ====