Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 10.02.2018 02
Uruchomiony przez Karolek (11-02-2018 12:11:34) Run:2
Uruchomiony z C:\Users\Karolek\Desktop\FRST
Załadowane profile: Karolek (Dostępne profile: Karolek)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
GroupPolicy\User: Ograniczenia <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Toolbar: HKU\S-1-5-21-1917668780-486707301-2944577488-1000 -> Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Brak pliku
HKU\S-1-5-21-1917668780-486707301-2944577488-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://page-ups.com/all/
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160601.040\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160601.040\EX64.SYS [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
Task: {50C4F8C6-0965-41EF-A464-6AA77BF6E68A} - System32\Tasks\Windows Formulator Notes Lite => C:\Windows\system32\rundll32.exe "C:\Program Files\Windows Formulator Notes Lite\Windows Formulator Notes Lite.dll",rLPtmp <==== UWAGA
Task: {7CC69EB6-90CD-47C6-A7B4-EFD6D18AC598} - System32\Tasks\CPU Tracker for CDM Demo => C:\Windows\system32\rundll32.exe "C:\Program Files\CPU Tracker for CDM Demo\CPU Tracker for CDM Demo.dll",fisSojQ <==== UWAGA
Task: C:\Windows\Tasks\CPU Tracker for CDM Demo.job => rundll32.exe C:\Program Files\CPU Tracker for CDM Demo\CPU Tracker for CDM Demo.dll
Task: {8ADFEA2A-EA17-4F35-BB78-16EFB4A439A8} - System32\Tasks\Jack Game Contacts Lease => C:\Windows\system32\rundll32.exe "C:\Program Files\Jack Game Contacts Lease\Jack Game Contacts Lease.dll",UjObmie <==== UWAGA
Task: {8F873C7A-CB14-4DF4-9D1F-E19D2ED45E2D} - System32\Tasks\AutoFise OpenViewer => C:\Windows\system32\rundll32.exe "C:\Program Files\AutoFise OpenViewer\AutoFise OpenViewer.dll",rXGGCJZZHci <==== UWAGA
Folder: C:\Program Files\Windows Formulator Notes Lite
Folder: C:\Program Files\CPU Tracker for CDM Demo
Folder: C:\Program Files\Jack Game Contacts Lease
Folder: C:\Program Files\AutoFise OpenViewer
C:\Users\Karolek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Еxplorеr (Nо Аdd-оns).lnk
nointegritychecks: ==> "IntegrityChecks" [funkcja wyłączona] <==== UWAGA
DeleteKey: HKCU\Software\Mozilla
DeleteKey: HKCU\Software\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Mozilla
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla
DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
C:\Users\Karolek\AppData\Local\Mozilla
C:\Users\Karolek\AppData\Roaming\Mozilla
C:\Users\Karolek\AppData\Roaming\Profiles
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
Hosts:
EmptyTemp:
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
C:\Windows\system32\GroupPolicy\User => pomyślnie przeniesiono
"HKLM\SOFTWARE\Policies\Google" => pomyślnie usunięto
"HKU\S-1-5-21-1917668780-486707301-2944577488-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => pomyślnie usunięto
"HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => pomyślnie usunięto
HKU\S-1-5-21-1917668780-486707301-2944577488-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
"HKLM\System\CurrentControlSet\Services\NAVENG" => pomyślnie usunięto
NAVENG => serwis pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\NAVEX15" => pomyślnie usunięto
NAVEX15 => serwis pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\catchme" => pomyślnie usunięto
catchme => serwis pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\NTIOLib_1_0_C" => pomyślnie usunięto
NTIOLib_1_0_C => serwis pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Synth3dVsc" => pomyślnie usunięto
Synth3dVsc => serwis pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\tsusbhub" => pomyślnie usunięto
tsusbhub => serwis pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\VGPU" => pomyślnie usunięto
VGPU => serwis pomyślnie usunięto
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => klucz nie znaleziono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{50C4F8C6-0965-41EF-A464-6AA77BF6E68A}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50C4F8C6-0965-41EF-A464-6AA77BF6E68A}" => pomyślnie usunięto
C:\Windows\System32\Tasks\Windows Formulator Notes Lite => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Formulator Notes Lite" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7CC69EB6-90CD-47C6-A7B4-EFD6D18AC598}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CC69EB6-90CD-47C6-A7B4-EFD6D18AC598}" => pomyślnie usunięto
C:\Windows\System32\Tasks\CPU Tracker for CDM Demo => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CPU Tracker for CDM Demo" => pomyślnie usunięto
C:\Windows\Tasks\CPU Tracker for CDM Demo.job => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8ADFEA2A-EA17-4F35-BB78-16EFB4A439A8}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8ADFEA2A-EA17-4F35-BB78-16EFB4A439A8}" => pomyślnie usunięto
C:\Windows\System32\Tasks\Jack Game Contacts Lease => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jack Game Contacts Lease" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8F873C7A-CB14-4DF4-9D1F-E19D2ED45E2D}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F873C7A-CB14-4DF4-9D1F-E19D2ED45E2D}" => pomyślnie usunięto
C:\Windows\System32\Tasks\AutoFise OpenViewer => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoFise OpenViewer" => pomyślnie usunięto

========================= Folder: C:\Program Files\Windows Formulator Notes Lite ========================
2017-12-21 06:27 - 2017-12-23 00:50 - 000041145 ____A [376F13BB61E19A61CF8C1EC938C07DAF] () C:\Program Files\Windows Formulator Notes Lite\766005025
====== Koniec Folder: ======

========================= Folder: C:\Program Files\CPU Tracker for CDM Demo ========================
nie znaleziono.
====== Koniec Folder: ======

========================= Folder: C:\Program Files\Jack Game Contacts Lease ========================
nie znaleziono.
====== Koniec Folder: ======

========================= Folder: C:\Program Files\AutoFise OpenViewer ========================
nie znaleziono.
====== Koniec Folder: ======

C:\Users\Karolek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Еxplorеr (Nо Аdd-оns).lnk => pomyślnie przeniesiono

========================= bcdedit ========================
Operacja ukończona pomyślnie.
========= Koniec bcdedit =========

"HKCU\Software\Mozilla" => pomyślnie usunięto
"HKCU\Software\MozillaPlugins" => pomyślnie usunięto
"HKLM\SOFTWARE\Mozilla" => pomyślnie usunięto
"HKLM\SOFTWARE\MozillaPlugins" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Mozilla" => pomyślnie usunięto
HKLM\SOFTWARE\Wow6432Node\mozilla.org => klucz nie znaleziono
"HKLM\SOFTWARE\Wow6432Node\MozillaPlugins" => pomyślnie usunięto
"C:\Users\Karolek\AppData\Local\Mozilla" => nie znaleziono
"C:\Users\Karolek\AppData\Roaming\Mozilla" => nie znaleziono
"C:\Users\Karolek\AppData\Roaming\Profiles" => nie znaleziono

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========
========= Koniec Powershell: =========

C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono
Hosts pomyślnie przywrócono.

=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19751172 B
Java, Flash, Steam htmlcache => 8439241 B
Windows/system/drivers => 1941663 B
Edge => 0 B
Chrome => 767229132 B
Firefox => 0 B
Opera => 21367171 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile32 => 83592 B
LocalService => 66228 B
NetworkService => 692 B
Karolek => 217569390 B

RecycleBin => 4691815920 B
EmptyTemp: => 5.3 GB danych tymczasowych Usunięto.
================================

System wymagał restartu.
==== Koniec Fixlog 12:12:45 ====