API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Oct 16th, 2022
58
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.32 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 16-10-2022
  2. Uruchomiony przez battl (16-10-2022 20:37:17) Run:1
  3. Uruchomiony z D:\Instalatory
  4. Załadowane profile: battl & postgres
  5. Tryb startu: Normal
  6. ==============================================
  7.  
  8. fixlist - zawartość:
  9. *****************
  10. CreateRestorePoint:
  11. CloseProcesses:
  12. EmptyTemp:
  13. HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Ograniczenia <==== UWAGA
  14. HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Ograniczenia <==== UWAGA
  15. HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
  16. HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Ograniczenia <==== UWAGA
  17. HKU\S-1-5-21-1928712825-2472657400-24126803-1001\...\Run: [AdobeBridge] => [X]
  18. HKU\S-1-5-21-1928712825-2472657400-24126803-1001\...\Run: [Xvid] => WScript "C:\Program Files (x86)\Xvid\CheckUpdateLauncher.vbs" "C:\Program Files (x86)\Xvid\CheckUpdate.ps1" (Brak pliku)
  19. HKU\S-1-5-21-1928712825-2472657400-24126803-1001\...\Run: [UrlsFile] => cmd /c start C:\Users\battl\UrlsFile.lnk -ep unrestricted -file C:\Users\battl\MakeJunk.ps1 (Brak pliku) <==== UWAGA
  20. HKU\S-1-5-18\...\Policies\system: [DisableTaskMgr] 1
  21. HKU\S-1-5-18\...\Policies\system: [DisableCMD] 1
  22. HKU\S-1-5-18\...\Policies\system: [DisableRegistryTools] 1
  23. GroupPolicy: Ograniczenia ? <==== UWAGA
  24. Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
  25. HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
  26. Task: {007EE8F4-02D8-4290-926A-22F29C864D25} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2250576 2022-10-16] (Avast Software s.r.o. -> Avast Software)
  27. Task: {46283DC6-18A8-4777-96AF-8D70D94E6DB8} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (Brak pliku)
  28. Task: {B2774336-753F-4534-AE68-DD88A57440DC} - System32\Tasks\{12EA3BA8-815A-715A-8A8A-681A8C47AD9E} => rundll32.exe "C:\Users\battl\AppData\Roaming\{7F5851CB-DA38-5830-BDBB-3D3E9EA37578}\quokzufe.dll",#1 --naey="GridShed\license.dat"
  29. Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
  30. Tcpip\..\Interfaces\{6eccc877-e394-4617-8c3a-d4abd1d62b5d}: [DhcpNameServer] 192.168.1.1
  31. Tcpip\..\Interfaces\{99df9e13-86ca-47a9-8b45-ab5ff39e89d5}: [DhcpNameServer] 192.168.213.170
  32. Tcpip\..\Interfaces\{9f2cce24-81fd-4df1-9ed5-beac232edd83}: [DhcpNameServer] 192.168.55.1
  33. FF Extension: (Brak nazwy) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [nie znaleziono]
  34. FF Extension: (Brak nazwy) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [nie znaleziono]
  35. S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [16966416 2019-07-14] (Mail.Ru LLC -> LLC Mail.Ru)
  36. S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [16228328 2019-07-14] (Mail.Ru LLC -> LLC Mail.Ru)
  37. 2022-10-16 17:07 - 2022-10-16 17:07 - 030585424 _____ (g10 Code GmbH) C:\Users\battl\AppData\Roaming\gpg4win-2.2.5.exe
  38. 2022-10-16 17:07 - 2022-10-16 17:07 - 000252928 _____ (M2-Team) C:\Users\battl\AppData\Roaming\Nsudo.exe
  39. 2019-10-08 16:12 - 2019-10-08 16:12 - 009256960 _____ () C:\Program Files (x86)\GUTD232.tmp
  40. 2021-01-21 18:08 - 2021-03-07 20:20 - 000000610 _____ () C:\Users\battl\AppData\Roaming\KONOR.MTBF.txt
  41. 2022-10-16 17:07 - 2022-10-16 17:07 - 000071168 _____ () C:\Users\battl\AppData\Roaming\p9d2.dll
  42. 2022-10-16 17:07 - 2022-10-16 17:07 - 000041474 _____ () C:\Users\battl\AppData\Roaming\p9d2.dll.gpg
  43. 2022-10-16 17:07 - 2022-10-16 17:07 - 000033389 _____ () C:\Users\battl\AppData\Roaming\p9d2s.exe.gpg
  44. 2022-10-16 17:07 - 2022-10-16 17:07 - 000000009 _____ () C:\Users\battl\AppData\Roaming\runanddelete.bat
  45. 2022-10-16 17:07 - 2022-10-16 17:07 - 000010487 _____ () C:\Users\battl\AppData\Roaming\scripttodo.ps1
  46. ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
  47. AlternateDataStreams: C:\Users\battl\AppData\Local\Temp:com.affinity.photo.2 [241]
  48. AlternateDataStreams: C:\Users\battl\AppData\Local\Temp:com.affinity.photo.3 [197]
  49. AlternateDataStreams: C:\Users\Public\AppData:CSM [474]
  50. HKU\S-1-5-21-1928712825-2472657400-24126803-1001\Software\Classes\.reg: => <==== UWAGA
  51. HKU\S-1-5-21-1928712825-2472657400-24126803-1001\Software\Classes\.bat: => <==== UWAGA
  52. HKU\S-1-5-21-1928712825-2472657400-24126803-1001\Software\Classes\.cmd: => <==== UWAGA
  53. HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  54. HKU\S-1-5-21-1928712825-2472657400-24126803-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
  55. HKU\S-1-5-21-1928712825-2472657400-24126803-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
  56. SearchScopes: HKU\S-1-5-21-1928712825-2472657400-24126803-1001 -> DefaultScope {EEF017EE-74F7-489B-877A-FDC75E984B0A} URL =
  57. SearchScopes: HKU\S-1-5-21-1928712825-2472657400-24126803-1001 -> {EEF017EE-74F7-489B-877A-FDC75E984B0A} URL =
  58. Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Brak pliku
  59. FirewallRules: [TCP Query User{E02A49A9-BFEE-43DD-9646-6870B6A0761D}I:\program files (x86)\dragon age\bin_ship\daorigins.exe] => (Allow) I:\program files (x86)\dragon age\bin_ship\daorigins.exe => Brak pliku
  60. FirewallRules: [UDP Query User{2FFDCD9C-946B-4679-96A1-436B1A87D72F}I:\program files (x86)\dragon age\bin_ship\daorigins.exe] => (Allow) I:\program files (x86)\dragon age\bin_ship\daorigins.exe => Brak pliku
  61. RemoveProxy:
  62.  
  63. *****************
  64.  
  65. Punkt przywracania został pomyślnie utworzony.
  66. Procesy zostały pomyślnie zamknięte.
  67. HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => Wartość pomyślnie przywrócono
  68. HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => Wartość pomyślnie przywrócono
  69. HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => pomyślnie usunięto
  70. HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => pomyślnie usunięto
  71. "HKU\S-1-5-21-1928712825-2472657400-24126803-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => pomyślnie usunięto
  72. "HKU\S-1-5-21-1928712825-2472657400-24126803-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Xvid" => pomyślnie usunięto
  73. "HKU\S-1-5-21-1928712825-2472657400-24126803-1001\Software\Microsoft\Windows\CurrentVersion\Run\\UrlsFile" => pomyślnie usunięto
  74. "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr" => pomyślnie usunięto
  75. "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD" => pomyślnie usunięto
  76. "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools" => pomyślnie usunięto
  77. C:\WINDOWS\system32\GroupPolicy\Machine => pomyślnie przeniesiono
  78. C:\WINDOWS\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono
  79. C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => pomyślnie przeniesiono
  80. C:\ProgramData\NTUSER.pol => pomyślnie przeniesiono
  81. HKLM\SOFTWARE\Policies\Mozilla => pomyślnie usunięto
  82. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{007EE8F4-02D8-4290-926A-22F29C864D25}" => pomyślnie usunięto
  83. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{007EE8F4-02D8-4290-926A-22F29C864D25}" => pomyślnie usunięto
  84. C:\WINDOWS\System32\Tasks\Avast Software\Overseer => pomyślnie przeniesiono
  85. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => pomyślnie usunięto
  86. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46283DC6-18A8-4777-96AF-8D70D94E6DB8}" => pomyślnie usunięto
  87. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46283DC6-18A8-4777-96AF-8D70D94E6DB8}" => pomyślnie usunięto
  88. C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => pomyślnie przeniesiono
  89. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => pomyślnie usunięto
  90. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2774336-753F-4534-AE68-DD88A57440DC}" => nie znaleziono
  91. "C:\WINDOWS\System32\Tasks\{12EA3BA8-815A-715A-8A8A-681A8C47AD9E}" => nie znaleziono
  92. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{12EA3BA8-815A-715A-8A8A-681A8C47AD9E}" => nie znaleziono
  93. C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => pomyślnie przeniesiono
  94. "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6eccc877-e394-4617-8c3a-d4abd1d62b5d}\\DhcpNameServer" => pomyślnie usunięto
  95. "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{99df9e13-86ca-47a9-8b45-ab5ff39e89d5}\\DhcpNameServer" => pomyślnie usunięto
  96. "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9f2cce24-81fd-4df1-9ed5-beac232edd83}\\DhcpNameServer" => pomyślnie usunięto
  97. C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => ścieżki pomyślnie usunięto
  98. C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => ścieżki pomyślnie usunięto
  99. HKLM\System\CurrentControlSet\Services\mracsvc => pomyślnie usunięto
  100. mracsvc => serwis pomyślnie usunięto
  101. HKLM\System\CurrentControlSet\Services\mracdrv => pomyślnie usunięto
  102. mracdrv => serwis pomyślnie usunięto
  103. C:\Users\battl\AppData\Roaming\gpg4win-2.2.5.exe => pomyślnie przeniesiono
  104. C:\Users\battl\AppData\Roaming\Nsudo.exe => pomyślnie przeniesiono
  105. C:\Program Files (x86)\GUTD232.tmp => pomyślnie przeniesiono
  106. C:\Users\battl\AppData\Roaming\KONOR.MTBF.txt => pomyślnie przeniesiono
  107. C:\Users\battl\AppData\Roaming\p9d2.dll => pomyślnie przeniesiono
  108. C:\Users\battl\AppData\Roaming\p9d2.dll.gpg => pomyślnie przeniesiono
  109. C:\Users\battl\AppData\Roaming\p9d2s.exe.gpg => pomyślnie przeniesiono
  110. C:\Users\battl\AppData\Roaming\runanddelete.bat => pomyślnie przeniesiono
  111. C:\Users\battl\AppData\Roaming\scripttodo.ps1 => pomyślnie przeniesiono
  112. HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => pomyślnie usunięto
  113. C:\Users\battl\AppData\Local\Temp => ":com.affinity.photo.2" ADS pomyślnie usunięto
  114. C:\Users\battl\AppData\Local\Temp => ":com.affinity.photo.3" ADS pomyślnie usunięto
  115. C:\Users\Public\AppData => ":CSM" ADS pomyślnie usunięto
  116. HKU\S-1-5-21-1928712825-2472657400-24126803-1001\Software\Classes\.reg => pomyślnie usunięto
  117. HKU\S-1-5-21-1928712825-2472657400-24126803-1001\Software\Classes\.bat => pomyślnie usunięto
  118. HKU\S-1-5-21-1928712825-2472657400-24126803-1001\Software\Classes\.cmd => pomyślnie usunięto
  119. HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono
  120. HKU\S-1-5-21-1928712825-2472657400-24126803-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono
  121. HKU\S-1-5-21-1928712825-2472657400-24126803-1001\Software\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => Wartość pomyślnie przywrócono
  122. "HKU\S-1-5-21-1928712825-2472657400-24126803-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => pomyślnie usunięto
  123. HKU\S-1-5-21-1928712825-2472657400-24126803-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEF017EE-74F7-489B-877A-FDC75E984B0A} => pomyślnie usunięto
  124. HKLM\Software\Classes\PROTOCOLS\Handler\sacore => pomyślnie usunięto
  125. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E02A49A9-BFEE-43DD-9646-6870B6A0761D}I:\program files (x86)\dragon age\bin_ship\daorigins.exe" => pomyślnie usunięto
  126. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2FFDCD9C-946B-4679-96A1-436B1A87D72F}I:\program files (x86)\dragon age\bin_ship\daorigins.exe" => pomyślnie usunięto
  127.  
  128. ========= RemoveProxy: =========
  129.  
  130. "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
  131. "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto
  132. "HKU\S-1-5-21-1928712825-2472657400-24126803-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
  133. "HKU\S-1-5-21-1928712825-2472657400-24126803-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto
  134.  
  135.  
  136. ========= Koniec RemoveProxy: =========
  137.  
  138.  
  139. =========== EmptyTemp: ==========
  140.  
  141. FlushDNS => ukończone
  142. BITS transfer queue => 0 B
  143. DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10555785 B
  144. Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 821930258 B
  145. Windows/system/drivers => 22619915 B
  146. Edge => 65244 B
  147. Vivaldi => 1410016 B
  148. Firefox => 242543741 B
  149. Opera => 0 B
  150.  
  151. Temp, IE cache, history, cookies, recent:
  152. Default => 6656 B
  153. ProgramData => 6656 B
  154. Public => 6656 B
  155. systemprofile => 20122330 B
  156. systemprofile32 => 20122394 B
  157. LocalService => 20122394 B
  158. NetworkService => 58216018 B
  159. battl => 138812246 B
  160. postgres => 138818902 B
  161. SSASTELEMETRY => 138818902 B
  162. SQLTELEMETRY => 138818902 B
  163. MSSQLServerOLAPService => 138818902 B
  164. MSSQLSERVER => 138818902 B
  165.  
  166. RecycleBin => 0 B
  167. EmptyTemp: => 1.9 GB danych tymczasowych Usunięto.
  168.  
  169. ================================
  170.  
  171.  
  172. System wymagał restartu.
  173.  
  174. ==== Koniec Fixlog 20:39:24 ====
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!