Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 16-05.2019
Uruchomiony przez z97 (19-05-2019 16:59:57) Run:1
Uruchomiony z C:\Users\z97\Desktop
Załadowane profile: z97 (Dostępne profile: z97)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
HKU\S-1-5-21-674152808-494936928-215878896-1000\...\Winlogon: [Shell] %comspec% <==== UWAGA
HKU\S-1-5-21-674152808-494936928-215878896-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192019151138321\...\Winlogon: [Shell] %comspec% <==== UWAGA
RemoveDirectory: C:\Windows\system32\config\SYSTEM~1\AppData\Local\BJIHIW~1
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192019151138061\...\RunOnce: [zZHILNIspz] => C:\Windows\system32\config\SYSTEM~1\AppData\Local\BJIHIW~1\rdsvc.exe
HKU\S-1-5-18\...\RunOnce: [zZHILNIspz] => C:\Windows\system32\config\SYSTEM~1\AppData\Local\BJIHIW~1\rdsvc.exe
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
HKU\S-1-5-21-674152808-494936928-215878896-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-674152808-494936928-215878896-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192019151138321\...\Run: [GalaxyClient] => [X]
Task: {68CC6C25-7723-4CA9-93EB-03A4D1A2EE63} - System32\Tasks\{ABCDA2D4-3443-4659-8F29-50CC02837255} => C:\Windows\system32\pcalua.exe -a H:\Autorun.exe -d H:\
Task: {8E40DF14-CF4F-4F4F-9330-EC9024296484} - System32\Tasks\{0749CDAA-BE56-4E84-8528-2A8D69468E77} => C:\Windows\system32\pcalua.exe -a G:\Setup.exe -d G:\
Task: {9CB8D1DC-EF50-4DCC-99EB-061798475F03} - System32\Tasks\{32360135-F412-4811-8102-2D8100A07383} => C:\Windows\system32\pcalua.exe -a D:\Users\z97\Downloads\1317984636-Silvia-S15\Silvia\setup.exe -d D:\Users\z97\Downloads\1317984636-Silvia-S15\Silvia
S3 BEDaisy; \??\C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
CMD: attrib /d /s -r -s -h C:\FOUND.*
CMD: for /d %f in (C:\FOUND.*) do rd /s /q "%f"
FirewallRules: [TCP Query User{79BE3B82-CE4D-4704-A9E4-F656AA529730}G:\dlc1\dlcbootlan.exe] => (Block) G:\dlc1\dlcbootlan.exe Brak pliku
FirewallRules: [UDP Query User{18EB0941-154D-43F5-8F43-3B9BA4C0E477}G:\dlc1\dlcbootlan.exe] => (Block) G:\dlc1\dlcbootlan.exe Brak pliku
EmptyTemp:
*****************

"HKU\S-1-5-21-674152808-494936928-215878896-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => nie znaleziono
HKU\S-1-5-21-674152808-494936928-215878896-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192019151138321\...\Winlogon: [Shell] %comspec% <==== UWAGA => Błąd: Nie znaleziono automatycznej naprawy dla tego wejścia.
"C:\Windows\system32\config\SYSTEM~1\AppData\Local\BJIHIW~1" => nie znaleziono
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192019151138061\...\RunOnce: [zZHILNIspz] => C:\Windows\system32\config\SYSTEM~1\AppData\Local\BJIHIW~1\rdsvc.exe => Błąd: Nie znaleziono automatycznej naprawy dla tego wejścia.
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\zZHILNIspz" => pomyślnie usunięto

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========

========= Koniec Powershell: =========

"HKU\S-1-5-21-674152808-494936928-215878896-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient" => pomyślnie usunięto
HKU\S-1-5-21-674152808-494936928-215878896-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192019151138321\...\Run: [GalaxyClient] => [X] => Błąd: Nie znaleziono automatycznej naprawy dla tego wejścia.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68CC6C25-7723-4CA9-93EB-03A4D1A2EE63}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68CC6C25-7723-4CA9-93EB-03A4D1A2EE63}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{ABCDA2D4-3443-4659-8F29-50CC02837255} => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ABCDA2D4-3443-4659-8F29-50CC02837255}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E40DF14-CF4F-4F4F-9330-EC9024296484}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E40DF14-CF4F-4F4F-9330-EC9024296484}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{0749CDAA-BE56-4E84-8528-2A8D69468E77} => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0749CDAA-BE56-4E84-8528-2A8D69468E77}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CB8D1DC-EF50-4DCC-99EB-061798475F03}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CB8D1DC-EF50-4DCC-99EB-061798475F03}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{32360135-F412-4811-8102-2D8100A07383} => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{32360135-F412-4811-8102-2D8100A07383}" => pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\BEDaisy => pomyślnie usunięto
BEDaisy => serwis pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\nvvad_WaveExtensible => pomyślnie usunięto
nvvad_WaveExtensible => serwis pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\nvvhci => pomyślnie usunięto
nvvhci => serwis pomyślnie usunięto

========= attrib /d /s -r -s -h C:\FOUND.* =========

========= Koniec CMD: =========

========= for /d %f in (C:\FOUND.*) do rd /s /q "%f" =========

C:\found.000\dir0000.chk\Language - Katalog nie jest pusty.
C:\found.000\dir0000.chk\LANGUA~1 - Katalog nie jest pusty.

========= Koniec CMD: =========

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{79BE3B82-CE4D-4704-A9E4-F656AA529730}G:\dlc1\dlcbootlan.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{18EB0941-154D-43F5-8F43-3B9BA4C0E477}G:\dlc1\dlcbootlan.exe" => pomyślnie usunięto

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15855468 B
Java, Flash, Steam htmlcache => 332156570 B
Windows/system/drivers => 287 B
Edge => 0 B
Chrome => 8822178 B
Firefox => 0 B
Opera => 112533595 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 56325725 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 66228 B
z97 => 66385163 B

RecycleBin => 0 B
EmptyTemp: => 572.9 MB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 17:05:27 ====