Fix result of Farbar Recovery Scan Tool (x64) Version: 26-02-2020
Ran by Wojtron (02-03-2020 18:26:51) Run:1
Running from C:\Users\Wojtron\Desktop\new69\a2_new
Loaded Profiles: Wojtron & MSSQLSERVER (Available Profiles: Wojtron & MSSQLSERVER)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-922897428-1530232081-1820824115-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-922897428-1530232081-1820824115-1000\...\Policies\Explorer: []
Task: {0355DFB0-20D3-4802-86B8-5D0674B52035} - System32\Tasks\{755F93A9-E18A-41C8-A836-FE12917E7F14} => C:\Windows\system32\pcalua.exe -a "D:\Instalki\gry\Gothic2 NK\Gothic2.Noc.Kruka.PL\Setup.exe" -d "D:\Instalki\gry\Gothic2 NK\Gothic2.Noc.Kruka.PL"
Task: {03B25FA9-D3BC-402B-AB28-0BD4503AD254} - System32\Tasks\{C3B06B71-4E37-400E-8BBB-C9835D43F9F1} => C:\Windows\system32\pcalua.exe -a D:\Gry\G2Online\Gothic2\drugigothic2_playerkit-2.6f.exe -d D:\Gry\G2Online\Gothic2
Task: {2B7C0A28-048C-46F0-9F97-E1A72454191F} - System32\Tasks\{FC5D5416-3664-4439-B121-9438E314DE32} => C:\Windows\system32\pcalua.exe -a "D:\Gry\Riot Games\Riot Client\RiotClientServices.exe" -c --uninstall-product=league_of_legends --uninstall-patchline=pbe
Task: {BDBE59D1-6131-4D0F-B005-A2383AED5DFD} - System32\Tasks\{826C527A-7EC1-4BD7-AA14-F13CEA60B02F} => C:\Windows\system32\pcalua.exe -a D:\serwery\mu_online_2\server\SQLServer2017-SSEI-Expr.exe -d D:\serwery\mu_online_2\server
Task: {D73BD743-FC51-4CBF-B63E-AF5E0C5C8411} - System32\Tasks\{6C813326-88C2-4EFB-AA1E-EBE1079E887F} => C:\Windows\system32\pcalua.exe -a D:\serwery\mu_online_2\server\MSDE2000A.exe -d D:\serwery\mu_online_2\server
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-922897428-1530232081-1820824115-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = &gct=sb&qsrc=2869
FF user.js: detected! => C:\Users\Wojtron\AppData\Roaming\Mozilla - Kopia\Firefox\Profiles\utw3105q.default\user.js [2017-11-30]
FF Session Restore: Mozilla - Kopia\Firefox\Profiles\utw3105q.default -> is enabled.
FF user.js: detected! => C:\Users\Wojtron\AppData\Roaming\Mozilla\Firefox\Profiles\utw3105q.default\user.js [2017-11-30]
S4 postgresql-x64-12; "D:\serwery\postgresql\bin\pg_ctl.exe" runservice -N "postgresql-x64-12" -D "D:\serwery\postgresql\data" -w
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 GPU-Z; \??\C:\Users\Wojtron\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\VirusDefs\20160704.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\VirusDefs\20160704.001\EX64.SYS [X]
S3 NTLiveGuardN64; \??\D:\Gry\Mu\mysticalmu\LiveGuard\NTLiveGuardN64.sys [X]
S3 SliceDisk5; \??\C:\Users\Wojtron\AppData\Local\Temp\FindAndMount\slicedisk-x64.sys [X] <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XFDriver64; \??\D:\Programy\Xfire2\XFDriver64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Wojtron\AppData\Local\Akamai\netsession_win.exe"
C:\Users\Wojtron\AppData\Local\Akamai\netsession_win.exe
C:\Users\Wojtron\Desktop\7 SEM\projekt oswietlenie\oswietlenie — skrót.lnk
C:\Users\Wojtron\Desktop\6 sem\ses_6\awaryjnosc2\Awaryjnosc — skrót.lnk
EmptyTemp::
*****************

HKU\S-1-5-21-922897428-1530232081-1820824115-1000\Software\Classes\regfile => removed successfully

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========


========= End of Powershell: =========

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-922897428-1530232081-1820824115-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0355DFB0-20D3-4802-86B8-5D0674B52035}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0355DFB0-20D3-4802-86B8-5D0674B52035}" => removed successfully
C:\Windows\System32\Tasks\{755F93A9-E18A-41C8-A836-FE12917E7F14} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{755F93A9-E18A-41C8-A836-FE12917E7F14}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03B25FA9-D3BC-402B-AB28-0BD4503AD254}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03B25FA9-D3BC-402B-AB28-0BD4503AD254}" => removed successfully
C:\Windows\System32\Tasks\{C3B06B71-4E37-400E-8BBB-C9835D43F9F1} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C3B06B71-4E37-400E-8BBB-C9835D43F9F1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B7C0A28-048C-46F0-9F97-E1A72454191F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B7C0A28-048C-46F0-9F97-E1A72454191F}" => removed successfully
C:\Windows\System32\Tasks\{FC5D5416-3664-4439-B121-9438E314DE32} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FC5D5416-3664-4439-B121-9438E314DE32}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDBE59D1-6131-4D0F-B005-A2383AED5DFD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDBE59D1-6131-4D0F-B005-A2383AED5DFD}" => removed successfully
C:\Windows\System32\Tasks\{826C527A-7EC1-4BD7-AA14-F13CEA60B02F} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{826C527A-7EC1-4BD7-AA14-F13CEA60B02F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D73BD743-FC51-4CBF-B63E-AF5E0C5C8411}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D73BD743-FC51-4CBF-B63E-AF5E0C5C8411}" => removed successfully
C:\Windows\System32\Tasks\{6C813326-88C2-4EFB-AA1E-EBE1079E887F} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6C813326-88C2-4EFB-AA1E-EBE1079E887F}" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-922897428-1530232081-1820824115-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => removed successfully
C:\Users\Wojtron\AppData\Roaming\Mozilla - Kopia\Firefox\Profiles\utw3105q.default\user.js => moved successfully
"Firefox Session Restore" => removed successfully
C:\Users\Wojtron\AppData\Roaming\Mozilla\Firefox\Profiles\utw3105q.default\user.js => moved successfully
HKLM\System\CurrentControlSet\Services\postgresql-x64-12 => removed successfully
postgresql-x64-12 => service removed successfully
HKLM\System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC => removed successfully
BRDriver64_1_3_3_E02B25FC => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz137 => removed successfully
cpuz137 => service removed successfully
HKLM\System\CurrentControlSet\Services\EagleX64 => removed successfully
EagleX64 => service removed successfully
HKLM\System\CurrentControlSet\Services\FairplayKD => removed successfully
FairplayKD => service removed successfully
HKLM\System\CurrentControlSet\Services\GPU-Z => removed successfully
GPU-Z => service removed successfully
HKLM\System\CurrentControlSet\Services\GPUZ => removed successfully
GPUZ => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\NTLiveGuardN64 => removed successfully
NTLiveGuardN64 => service removed successfully
HKLM\System\CurrentControlSet\Services\SliceDisk5 => removed successfully
SliceDisk5 => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
HKLM\System\CurrentControlSet\Services\XFDriver64 => removed successfully
XFDriver64 => service removed successfully
HKLM\System\CurrentControlSet\Services\xhunter1 => removed successfully
xhunter1 => service removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface => removed successfully
C:\Users\Wojtron\AppData\Local\Akamai\netsession_win.exe => moved successfully
C:\Users\Wojtron\Desktop\7 SEM\projekt oswietlenie\oswietlenie — skrót.lnk => moved successfully
C:\Users\Wojtron\Desktop\6 sem\ses_6\awaryjnosc2\Awaryjnosc — skrót.lnk => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 48101133 B
Java, Flash, Steam htmlcache => 332618661 B
Windows/system/drivers => 182510 B
Edge => 0 B
Chrome => 0 B
Firefox => 270290384 B
Opera => 282692019 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 66228 B
ProgramData => 66228 B
systemprofile => 44107305 B
systemprofile32 => 44336682 B
LocalService => 44512641 B
NetworkService => 44698339 B
Wojtron => 96839947 B
MSSQLSERVER => 96906175 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-03-2020 18:33:02)

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\NAVENG => could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove. Access Denied.

==== End of Fixlog 18:33:02 ====