Untitled

a guest
Aug 9th, 2018
  1. Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 02.08.2018
  2. Uruchomiony przez Klusek (09-08-2018 13:04:00) Run:1
  3. Uruchomiony z C:\Users\Klusek\Downloads
  4. Załadowane profile: Klusek (Dostępne profile: Klusek)
  5. Tryb startu: Normal
  6. ==============================================
  7.  
  8. fixlist - zawartość:
  9. *****************
  10. CloseProcesses:
  11. CreateRestorePoint:
  12. EmptyTemp:
  13. VirusTotal: C:\ProgramData\wta39003.exe
  14. VirusTotal: C:\Users\Klusek\AppData\Roaming\Endless.Space.2.Deluxe.Edition.ENG.Repack\pxjhze.exe
  15. HKU\S-1-5-21-2486246776-2999285121-1746736506-1001\...\Run: [Klusek] => explorer.exe hxxp://ozirizsoos.info <==== UWAGA
  16. HKU\S-1-5-21-2486246776-2999285121-1746736506-1001\...\MountPoints2: {e4faddb4-988d-11e6-852e-d8cb8a4fb91a} - "G:\SISetup.exe"
  17. Tcpip\..\Interfaces\{bc4db40e-89a0-4c95-8c9a-ee2edfabb13f}: [DhcpNameServer] 192.168.42.129
  18. Tcpip\..\Interfaces\{bf614ce0-a430-4a2b-af64-97852d386a4b}: [DhcpNameServer] 192.168.8.1 192.168.8.1
  19. S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [8010968 2018-01-27] (LLC Mail.Ru)
  20. R2 wta39003; C:\ProgramData\wta39003.exe [386232 2017-07-12] () <==== UWAGA
  21. S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [7238880 2018-01-27] (LLC Mail.Ru)
  22. CustomCLSID: HKU\S-1-5-21-2486246776-2999285121-1746736506-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Klusek\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => Brak pliku
  23. CustomCLSID: HKU\S-1-5-21-2486246776-2999285121-1746736506-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Klusek\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => Brak pliku
  24. CustomCLSID: HKU\S-1-5-21-2486246776-2999285121-1746736506-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Klusek\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => Brak pliku
  25. ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
  26. ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
  27. ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
  28. ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
  29. ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
  30. ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
  31. ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
  32. ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
  33. ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
  34. ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
  35. ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
  36. ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
  37. ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
  38. ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
  39. Task: {4BE26BE2-D3AF-42CE-B4B5-E2ACB5F59094} - System32\Tasks\SystemMaintanceTask => C:\Users\Klusek\AppData\Roaming\Endless.Space.2.Deluxe.Edition.ENG.Repack\pxjhze.exe
  40. Task: {4DAB1E9A-5EE5-416D-BD17-7B6344AF20DB} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
  41. Task: {59091FE3-4D92-4173-A149-6C49A98C03DE} - System32\Tasks\SessionAgent => C:\windows\sysckeck32.exe
  42. Task: {FF1100FF-5516-477F-BFF8-85D5DA8387C6} - System32\Tasks\Klusek => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Klusek /t REG_SZ /d "explorer.exe hxxp://ozirizsoos.info" <==== UWAGA
  43. C:\Users\Klusek\Links\OneDrive.lnk
  44. RemoveProxy:
  45. CMD: ipconfig /flushdns
  46. CMD: netsh advfirewall reset
  47.  
  48. *****************
  49.  
  50. Procesy zostały pomyślnie zamknięte.
  51. Punkt przywracania został pomyślnie utworzony.
  52. VirusTotal: C:\ProgramData\wta39003.exe => https://www.virustotal.com/file/42a2fc9118a70c4f0fcfd14de77e51df1440acbec1a2645038d59dba6937ff70/analysis/1500007149/
  53. "VirusTotal: C:\Users\Klusek\AppData\Roaming\Endless.Space.2.Deluxe.Edition.ENG.Repack\pxjhze.exe" => nie znaleziono
  54. "HKU\S-1-5-21-2486246776-2999285121-1746736506-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Klusek" => pomyślnie usunięto
  55. "HKU\S-1-5-21-2486246776-2999285121-1746736506-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4faddb4-988d-11e6-852e-d8cb8a4fb91a}" => pomyślnie usunięto
  56. HKLM\Software\Classes\CLSID\{e4faddb4-988d-11e6-852e-d8cb8a4fb91a} => nie znaleziono
  57. "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bc4db40e-89a0-4c95-8c9a-ee2edfabb13f}\\DhcpNameServer" => pomyślnie usunięto
  58. "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bf614ce0-a430-4a2b-af64-97852d386a4b}\\DhcpNameServer" => pomyślnie usunięto
  59. "HKLM\System\CurrentControlSet\Services\mracsvc" => pomyślnie usunięto
  60. mracsvc => serwis pomyślnie usunięto
  61. "HKLM\System\CurrentControlSet\Services\wta39003" => pomyślnie usunięto
  62. wta39003 => serwis pomyślnie usunięto
  63. "HKLM\System\CurrentControlSet\Services\mracdrv" => pomyślnie usunięto
  64. mracdrv => serwis pomyślnie usunięto
  65. "HKU\S-1-5-21-2486246776-2999285121-1746736506-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}" => pomyślnie usunięto
  66. "HKU\S-1-5-21-2486246776-2999285121-1746736506-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}" => pomyślnie usunięto
  67. "HKU\S-1-5-21-2486246776-2999285121-1746736506-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}" => pomyślnie usunięto
  68. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => pomyślnie usunięto
  69. HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => nie znaleziono
  70. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => pomyślnie usunięto
  71. HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => nie znaleziono
  72. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => pomyślnie usunięto
  73. HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => nie znaleziono
  74. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => pomyślnie usunięto
  75. HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => nie znaleziono
  76. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => pomyślnie usunięto
  77. HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => nie znaleziono
  78. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => pomyślnie usunięto
  79. HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => nie znaleziono
  80. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => pomyślnie usunięto
  81. HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => nie znaleziono
  82. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => pomyślnie usunięto
  83. HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => nie znaleziono
  84. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => pomyślnie usunięto
  85. HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => nie znaleziono
  86. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => pomyślnie usunięto
  87. HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => nie znaleziono
  88. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => pomyślnie usunięto
  89. HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => nie znaleziono
  90. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => pomyślnie usunięto
  91. HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => nie znaleziono
  92. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => pomyślnie usunięto
  93. HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => nie znaleziono
  94. "HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast" => pomyślnie usunięto
  95. HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => nie znaleziono
  96. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BE26BE2-D3AF-42CE-B4B5-E2ACB5F59094}" => pomyślnie usunięto
  97. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BE26BE2-D3AF-42CE-B4B5-E2ACB5F59094}" => pomyślnie usunięto
  98. C:\WINDOWS\System32\Tasks\SystemMaintanceTask => pomyślnie przeniesiono
  99. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemMaintanceTask" => pomyślnie usunięto
  100. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DAB1E9A-5EE5-416D-BD17-7B6344AF20DB}" => pomyślnie usunięto
  101. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DAB1E9A-5EE5-416D-BD17-7B6344AF20DB}" => pomyślnie usunięto
  102. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => nie znaleziono
  103. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59091FE3-4D92-4173-A149-6C49A98C03DE}" => pomyślnie usunięto
  104. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59091FE3-4D92-4173-A149-6C49A98C03DE}" => pomyślnie usunięto
  105. C:\WINDOWS\System32\Tasks\SessionAgent => pomyślnie przeniesiono
  106. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SessionAgent" => pomyślnie usunięto
  107. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{FF1100FF-5516-477F-BFF8-85D5DA8387C6}" => pomyślnie usunięto
  108. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF1100FF-5516-477F-BFF8-85D5DA8387C6}" => pomyślnie usunięto
  109. C:\WINDOWS\System32\Tasks\Klusek => pomyślnie przeniesiono
  110. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Klusek" => pomyślnie usunięto
  111. C:\Users\Klusek\Links\OneDrive.lnk => pomyślnie przeniesiono
  112.  
  113. ========= RemoveProxy: =========
  114.  
  115. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => pomyślnie usunięto
  116. "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
  117. "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto
  118. "HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
  119. "HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto
  120. "HKU\S-1-5-21-2486246776-2999285121-1746736506-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
  121. "HKU\S-1-5-21-2486246776-2999285121-1746736506-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto
  122.  
  123.  
  124. ========= Koniec RemoveProxy: =========
  125.  
  126.  
  127. ========= ipconfig /flushdns =========
  128.  
  129.  
  130. Windows IP Configuration
  131.  
  132. Successfully flushed the DNS Resolver Cache.
  133.  
  134. ========= Koniec CMD: =========
  135.  
  136.  
  137. ========= netsh advfirewall reset =========
  138.  
  139. Ok.
  140.  
  141.  
  142. ========= Koniec CMD: =========
  143.  
  144.  
  145. =========== EmptyTemp: ==========
  146.  
  147. BITS transfer queue => 8675328 B
  148. DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 118296150 B
  149. Java, Flash, Steam htmlcache => 404605453 B
  150. Windows/system/drivers => 918453 B
  151. Edge => 17408 B
  152. Chrome => 0 B
  153. Firefox => 10888187 B
  154. Opera => 150277474 B
  155.  
  156. Temp, IE cache, history, cookies, recent:
  157. Default => 0 B
  158. Users => 0 B
  159. ProgramData => 0 B
  160. Public => 0 B
  161. systemprofile => 0 B
  162. systemprofile32 => 374224 B
  163. LocalService => 3306 B
  164. NetworkService => 0 B
  165. Klusek => 116529953 B
  166.  
  167. RecycleBin => 660420 B
  168. EmptyTemp: => 773.7 MB danych tymczasowych Usunięto.
  169.  
  170. ================================
  171.  
  172.  
  173. System wymagał restartu.
  174.  
  175. ==== Koniec Fixlog 13:05:52 ====