Fix result of Farbar Recovery Scan Tool (x64) Version: 09.01.2019 01
Ran by Tomek (10-01-2019 20:25:20) Run:1
Running from C:\Users\Tomek\Desktop
Loaded Profiles: Tomek (Available Profiles: defaultuser0 & Tomek)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {286AA064-375D-4EAB-910E-E9B7F10964ED} - System32\Tasks\{D70C3795-47EE-3AAA-EB89-8DF98E971913} => C:\Users\Tomek\AppData\Roaming\PaXOhZeFt.exe [2018-09-15] (Microsoft Corporation)
Task: {297ECAAD-6C0F-4CA6-A4B3-63B9BABBB894} - System32\Tasks\{7426A322-8F1E-5A0F-B6C2-6B36AD45452C} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://myxeneurt.net/cl/?guid=fvfmly8c8j73nppjgv1s8zcbnzllsrfy&prid=1&pid=4_1324_0
C:\Users\Tomek\AppData\Roaming\PaXOhZeFt.exe
Task: {33AFFC78-4A67-4DB3-B37F-602F43882062} - System32\Tasks\{77E079A7-596F-0F3D-B00F-BC9535175382} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://myxeneurt.net/cl/?guid=pviabuelzdhku7vx3kut1ak4b1n8pq84&prid=1&pid=4_1324_0
Task: {857686F6-5E73-46BF-B075-FA1E268C45A9} - System32\Tasks\{C162CCAA-08FA-D675-C7B9-18C6B7890788} => C:\Program Files (x86)\Common Files\aygetvej.exe [2018-09-15] (Microsoft Corporation)
C:\Program Files (x86)\Common Files\aygetvej.exe
Task: {92E7727A-7D2D-4DF0-AA78-BFF4C0AE7F84} - System32\Tasks\{DE6692C9-982C-3EFF-87E9-3FAF4EAA7585} => C:\Users\Tomek\AppData\Roaming\PaXOhZeFt.exe [2018-09-15] (Microsoft Corporation)
Task: {A64B0701-C30E-4879-905C-B5720EE4959B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {AEE72662-1B3F-41D8-842B-DF7002DBB476} - System32\Tasks\{40CD58BF-36BE-E594-BBA9-77717DC7CAB3} => "C:\Program Files\Mozilla Firefox\firefox.exe" hxxp://dhakil.com/cl/?guid=p5xbwzvve0gpcztuzs0i7kas84apdy8t&prid=1&pid=4_1324_0
Task: {D2C61568-2FA8-4714-ABEF-301CCBCD9379} - System32\Tasks\{F574134D-8C32-BBCA-89CC-09EA0A8FED68} => C:\Program Files (x86)\Common Files\aygetvej.exe [2018-09-15] (Microsoft Corporation)
RemoveDirectory: C:\Users\Tomek\AppData\Roaming\Microsoft\SoundMixer
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 [0 2018-11-29] ()
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 [0 2018-11-29] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1177734181-163601610-57667068-1001\...\Run: [] => [X]
HKU\S-1-5-21-1177734181-163601610-57667068-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\Tomek\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\Tomek\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
ProxyEnable: [S-1-5-21-1177734181-163601610-57667068-1001] => Proxy [Enabled]
FF Session Restore: Mozilla\Firefox\Profiles\rm7tb51n.default-1489774386214-1523978532264 -> [Enabled]
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]
2018-09-15 08:29 - 2018-09-15 08:29 - 000078336 ____N (Microsoft Corporation) C:\Users\Tomek\AlgEpkWIqiTbY.exe
2018-09-15 08:29 - 2018-09-15 08:29 - 000181760 ____N (Microsoft Corporation) C:\Users\Tomek\eHKOYFyUUADIQ.exe
2018-09-15 08:29 - 2018-09-15 08:29 - 000078336 ____N (Microsoft Corporation) C:\Program Files (x86)\euTniahQuNgEN.exe
2018-09-15 08:29 - 2018-09-15 08:29 - 000078336 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\aygetvej.exe
2018-09-15 08:29 - 2018-09-15 08:29 - 000078336 ____N (Microsoft Corporation) C:\Users\Tomek\AppData\Roaming\aaBFlOxYAny.exe
2018-09-15 08:29 - 2018-09-15 08:29 - 000181760 ____N (Microsoft Corporation) C:\Users\Tomek\AppData\Roaming\EYrXIyImFgOk.exe
2018-09-15 08:29 - 2018-09-15 08:29 - 000181760 ____N (Microsoft Corporation) C:\Users\Tomek\AppData\Roaming\lNwqgcqva.exe
2018-09-15 08:29 - 2018-09-15 08:29 - 000078336 ____N (Microsoft Corporation) C:\Users\Tomek\AppData\Roaming\PaXOhZeFt.exe
2018-11-18 13:38 - 2019-01-07 21:00 - 000000002 _____ () C:\Users\Tomek\AppData\Local\imw.ini
2018-05-25 23:23 - 2018-05-25 23:23 - 000140800 _____ () C:\Users\Tomek\AppData\Local\installer.dat
EmptyTemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{286AA064-375D-4EAB-910E-E9B7F10964ED}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{286AA064-375D-4EAB-910E-E9B7F10964ED}" => removed successfully
C:\WINDOWS\System32\Tasks\{D70C3795-47EE-3AAA-EB89-8DF98E971913} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D70C3795-47EE-3AAA-EB89-8DF98E971913}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{297ECAAD-6C0F-4CA6-A4B3-63B9BABBB894}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{297ECAAD-6C0F-4CA6-A4B3-63B9BABBB894}" => removed successfully
C:\WINDOWS\System32\Tasks\{7426A322-8F1E-5A0F-B6C2-6B36AD45452C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7426A322-8F1E-5A0F-B6C2-6B36AD45452C}" => removed successfully
C:\Users\Tomek\AppData\Roaming\PaXOhZeFt.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33AFFC78-4A67-4DB3-B37F-602F43882062}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33AFFC78-4A67-4DB3-B37F-602F43882062}" => removed successfully
C:\WINDOWS\System32\Tasks\{77E079A7-596F-0F3D-B00F-BC9535175382} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{77E079A7-596F-0F3D-B00F-BC9535175382}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{857686F6-5E73-46BF-B075-FA1E268C45A9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{857686F6-5E73-46BF-B075-FA1E268C45A9}" => removed successfully
C:\WINDOWS\System32\Tasks\{C162CCAA-08FA-D675-C7B9-18C6B7890788} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C162CCAA-08FA-D675-C7B9-18C6B7890788}" => removed successfully
C:\Program Files (x86)\Common Files\aygetvej.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{92E7727A-7D2D-4DF0-AA78-BFF4C0AE7F84}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92E7727A-7D2D-4DF0-AA78-BFF4C0AE7F84}" => removed successfully
C:\WINDOWS\System32\Tasks\{DE6692C9-982C-3EFF-87E9-3FAF4EAA7585} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DE6692C9-982C-3EFF-87E9-3FAF4EAA7585}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A64B0701-C30E-4879-905C-B5720EE4959B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A64B0701-C30E-4879-905C-B5720EE4959B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEE72662-1B3F-41D8-842B-DF7002DBB476}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEE72662-1B3F-41D8-842B-DF7002DBB476}" => removed successfully
C:\WINDOWS\System32\Tasks\{40CD58BF-36BE-E594-BBA9-77717DC7CAB3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{40CD58BF-36BE-E594-BBA9-77717DC7CAB3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2C61568-2FA8-4714-ABEF-301CCBCD9379}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2C61568-2FA8-4714-ABEF-301CCBCD9379}" => removed successfully
C:\WINDOWS\System32\Tasks\{F574134D-8C32-BBCA-89CC-09EA0A8FED68} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F574134D-8C32-BBCA-89CC-09EA0A8FED68}" => removed successfully
"C:\Users\Tomek\AppData\Roaming\Microsoft\SoundMixer" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoActiveDesktop" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoActiveDesktopChanges" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-1177734181-163601610-57667068-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-1177734181-163601610-57667068-1001\Software\Microsoft\Command Processor\\AutoRun" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKU\S-1-5-21-1177734181-163601610-57667068-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"Firefox Session Restore" => removed successfully
HKLM\System\CurrentControlSet\Services\SWDUMon => removed successfully
SWDUMon => service removed successfully
C:\Users\Tomek\AlgEpkWIqiTbY.exe => moved successfully
C:\Users\Tomek\eHKOYFyUUADIQ.exe => moved successfully
C:\Program Files (x86)\euTniahQuNgEN.exe => moved successfully
"C:\Program Files (x86)\Common Files\aygetvej.exe" => not found
C:\Users\Tomek\AppData\Roaming\aaBFlOxYAny.exe => moved successfully
C:\Users\Tomek\AppData\Roaming\EYrXIyImFgOk.exe => moved successfully
C:\Users\Tomek\AppData\Roaming\lNwqgcqva.exe => moved successfully
"C:\Users\Tomek\AppData\Roaming\PaXOhZeFt.exe" => not found
C:\Users\Tomek\AppData\Local\imw.ini => moved successfully
"C:\Users\Tomek\AppData\Local\installer.dat" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 55455704 B
Java, Flash, Steam htmlcache => 204361647 B
Windows/system/drivers => 130306 B
Edge => 2925117 B
Chrome => 0 B
Firefox => 418141732 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1822 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
defaultuser0 => 0 B
Tomek => 108359085 B

RecycleBin => 61309665 B
EmptyTemp: => 821 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 20:29:08 ====