Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 15.04.2018
Uruchomiony przez Domek (17-04-2018 23:19:19) Run:1
Uruchomiony z M:\_Install\_Utilites\[vir]farbar-frst
Załadowane profile: Domek (Dostępne profile: Domek)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {005B4961-582E-4BB6-B645-FA065B776982} - Brak ścieżki do pliku
Task: {376A300C-A60B-40F4-B799-DB5DA12BC243} - \MSIAfterburner -> Brak pliku <==== UWAGA
Task: {92554D20-F20A-4BE3-8C10-D3787A9B0774} - \{523CA314-9AD8-4869-92FA-B1C56B5D350B} -> Brak pliku <==== UWAGA
Task: {999ED828-DDDB-4BCE-894A-D21DA21273B0} - \{60CA33C0-3D3C-46E1-914F-A1198AA6DC76} -> Brak pliku <==== UWAGA
Task: {BE6C77CD-8591-4B2B-973F-4AED9F317847} - \{9D8824BD-9D7D-437C-9111-FAF30F1702A4} -> Brak pliku <==== UWAGA
Task: {F163A557-1C18-4A84-A731-5581D77AAA1E} - \Run RoboForm TaskBar Icon -> Brak pliku <==== UWAGA
Task: {B0506A1B-1651-464B-AA0B-86293169C43A} - \Run RoboForm Process -> Brak pliku <==== UWAGA
GroupPolicyScripts: Ograniczenia <==== UWAGA
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => nie znaleziono
S2 wCpYx9gGumUX Updater; C:\Program Files (x86)\wCpYx9gGumUX Updater\wCpYx9gGumUX Updater.exe [X]
S3 catchme; \??\C:\ComboFix2018\catchme.sys [X]
S2 SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [X]
File: C:\Program Files (x86)\Common Files\kyOWYuA.exe
VirusTotal: C:\Program Files (x86)\Common Files\kyOWYuA.exe
CMD: dir /a "C:\Program Files"
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a "C:\Program Files\Common Files\System"
CMD: dir /a "C:\Program Files (x86)\Common Files\System"
CMD: dir /a C:\ProgramData
CMD: dir /a C:\Users\Domek\AppData\Local
CMD: dir /a C:\Users\Domek\AppData\LocalLow
CMD: dir /a C:\Users\Domek\AppData\Roaming
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
*****************
Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{005B4961-582E-4BB6-B645-FA065B776982}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{005B4961-582E-4BB6-B645-FA065B776982}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{376A300C-A60B-40F4-B799-DB5DA12BC243}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{376A300C-A60B-40F4-B799-DB5DA12BC243}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MSIAfterburner" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92554D20-F20A-4BE3-8C10-D3787A9B0774}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92554D20-F20A-4BE3-8C10-D3787A9B0774}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{523CA314-9AD8-4869-92FA-B1C56B5D350B}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{999ED828-DDDB-4BCE-894A-D21DA21273B0}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{999ED828-DDDB-4BCE-894A-D21DA21273B0}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{60CA33C0-3D3C-46E1-914F-A1198AA6DC76}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE6C77CD-8591-4B2B-973F-4AED9F317847}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE6C77CD-8591-4B2B-973F-4AED9F317847}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9D8824BD-9D7D-437C-9111-FAF30F1702A4}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F163A557-1C18-4A84-A731-5581D77AAA1E}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F163A557-1C18-4A84-A731-5581D77AAA1E}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run RoboForm TaskBar Icon" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0506A1B-1651-464B-AA0B-86293169C43A}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0506A1B-1651-464B-AA0B-86293169C43A}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run RoboForm Process" => pomyślnie usunięto C:\Windows\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\Windows\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono "HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\wCpYx9gGumUX Updater" => pomyślnie usunięto wCpYx9gGumUX Updater => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\catchme" => pomyślnie usunięto catchme => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\SSPORT" => pomyślnie usunięto SSPORT => serwis pomyślnie usunięto ========================= File: C:\Program Files (x86)\Common Files\kyOWYuA.exe ======================== C:\Program Files (x86)\Common Files\kyOWYuA.exe Plik podpisany cyfrowo MD5: A8492E3929E7B981DA541286709C8479 Data utworzenia i modyfikacji: 30598-05-30 11:27 - 30598-05-30 11:27 Rozmiar: 000073216 Atrybuty: ----N Firma: Microsoft Corporation Wewnętrzna nazwa: msiexec Oryginalna nazwa: msiexec.exe Produkt: Windows Installer - Unicode Opis: Windows® installer Plik Wersja: 5.0.7600.16385 (win7_rtm.090713-1255) Produkt Wersja: 5.0.7600.16385 Prawa autorskie: © Microsoft Corporation. 
All rights reserved. VirusTotal: https://www.virustotal.com/file/da986c4c25eccc3741e4c6a8f21e1e602f768a3834438d3fa42e0c950e529330/analysis/1523615416/ ====== Koniec File: ====== VirusTotal: C:\Program Files (x86)\Common Files\kyOWYuA.exe => https://www.virustotal.com/file/da986c4c25eccc3741e4c6a8f21e1e602f768a3834438d3fa42e0c950e529330/analysis/1523615416/ ========= dir /a "C:\Program Files" ========= Wolumin w stacji C to W7_U2 Numer seryjny woluminu: 8E66-1666 Katalog: C:\Program Files 2018-04-12 22:20 . 2018-04-12 22:20 .. 2017-07-13 19:58 Common Files 2017-09-21 15:28 ConvertHelper3 2009-07-14 06:54 174 desktop.ini 2009-07-14 20:09 DVD Maker 2018-02-03 09:25 Google 2009-07-14 19:55 Internet Explorer 2017-07-25 18:08 Logitech 2009-07-14 20:09 Microsoft Games 2016-07-14 14:18 Microsoft Office 2009-07-14 07:32 MSBuild 2017-08-14 18:31 NVIDIA Corporation 2017-08-16 18:41 Realtek 2009-07-14 07:32 Reference Assemblies 2009-07-14 07:09 Uninstall Information 2017-12-23 00:30 Unity 2016-08-07 14:47 Unlocker 2009-07-14 19:55 Windows Defender 2009-07-14 20:09 Windows Journal 2009-07-14 19:55 Windows Mail 2009-07-14 19:55 Windows Media Player 2015-11-28 20:34 Windows NT 2009-07-14 19:55 Windows Photo Viewer 2009-07-14 07:32 Windows Portable Devices 2009-07-14 19:55 Windows Sidebar 1 plik(˘w) 174 bajt˘w 25 katalog(˘w) 8˙995˙561˙472 bajt˘w wolnych ========= Koniec CMD: ========= ========= dir /a "C:\Program Files (x86)" ========= Wolumin w stacji C to W7_U2 Numer seryjny woluminu: 8E66-1666 Katalog: C:\Program Files (x86) 2018-04-17 15:09 . 2018-04-17 15:09 .. 
2018-03-02 22:23 Adobe
2016-01-08 21:37 AGEIA Technologies
2017-08-15 17:25 ASM104xUSB3
2017-09-07 18:43 Auslogics
2012-06-19 17:37 AviSynth 2.6
2018-04-12 23:36 Common Files
2017-09-21 18:06 coolpro2
2009-07-14 06:54 174 desktop.ini
2016-01-09 11:59 EasyBCD
2016-06-04 17:21 FastStone Image Viewer
2018-02-08 20:41 Google
2017-08-16 18:51 InstallShield Installation Information
2017-08-14 18:45 Intel
2009-07-14 19:55 Internet Explorer
2016-07-14 14:10 Microsoft Office
2016-07-14 14:19 Microsoft Visual Studio
2016-07-14 14:18 Microsoft Visual Studio 8
2016-07-14 14:19 Microsoft Works
2016-07-14 14:19 Microsoft.NET
2018-04-17 15:09 Mozilla Firefox
2015-11-28 21:20 Mozilla Maintenance Service
2016-07-14 14:19 MSBuild
2016-07-14 14:10 MSECache
2017-08-22 18:05 MSI Afterburner
2018-04-12 20:20 NordVPN
2016-08-05 19:08 Notepad++
2017-08-14 18:31 NVIDIA Corporation
2018-04-12 21:10 Opera
2017-06-02 08:04 Panda Security
2017-08-16 18:47 Realtek
2009-07-14 07:32 Reference Assemblies
2016-07-31 20:25 Samsung
2016-07-31 20:06 SamsungPrinterLiveUpdate
2016-07-31 20:06 SamsungPrinterLiveUpdateInstaller
2016-01-08 20:29 Siber Systems
2017-08-16 18:51 Temp
2016-07-15 15:04 The Bat!
2009-07-14 06:57 Uninstall Information
2009-07-14 19:55 Windows Defender
2009-07-14 19:55 Windows Mail
2009-07-14 19:55 Windows Media Player
2009-07-14 07:32 Windows NT
2009-07-14 19:55 Windows Photo Viewer
2009-07-14 07:32 Windows Portable Devices
2009-07-14 19:55 Windows Sidebar
2016-01-09 14:29 Wise
               1 plik(ów)           174 bajtów
              47 katalog(ów)  8 995 561 472 bajtów wolnych

========= Koniec CMD: =========

========= dir /a "C:\Program Files\Common Files\System" =========

 Wolumin w stacji C to W7_U2
 Numer seryjny woluminu: 8E66-1666

 Katalog: C:\Program Files\Common Files\System

2009-07-14 19:55 .
2009-07-14 19:55 ..
2009-07-14 19:55 ado
2009-07-14 03:40 29 184 DirectDB.dll
2009-07-14 19:55 en-US
2009-07-14 19:55 msadc
2009-07-14 19:55 Ole DB
2009-07-14 19:55 pl-PL
2009-07-14 03:41 886 784 wab32.dll
2009-07-14 03:33 1 098 752 wab32res.dll
               3 plik(ów)     2 014 720 bajtów
               7 katalog(ów)  8 995 565 568 bajtów wolnych

========= Koniec CMD: =========

========= dir /a "C:\Program Files (x86)\Common Files\System" =========

 Wolumin w stacji C to W7_U2
 Numer seryjny woluminu: 8E66-1666

 Katalog: C:\Program Files (x86)\Common Files\System

2009-07-14 19:55 .
2009-07-14 19:55 ..
2009-07-14 19:55 ado
2009-07-14 03:15 24 064 DirectDB.dll
2009-07-14 19:55 en-US
2009-07-14 19:55 msadc
2016-07-14 14:19 Ole DB
2009-07-14 19:55 pl-PL
2009-07-14 03:16 708 608 wab32.dll
2009-07-14 03:11 1 098 752 wab32res.dll
               3 plik(ów)     1 831 424 bajtów
               7 katalog(ów)  8 995 565 568 bajtów wolnych

========= Koniec CMD: =========

========= dir /a C:\ProgramData =========

 Wolumin w stacji C to W7_U2
 Numer seryjny woluminu: 8E66-1666

 Katalog: C:\ProgramData

2018-04-12 20:25 .
2018-04-12 20:25 ..
2018-03-02 22:23 Adobe
2009-07-14 07:08 Application Data [C:\ProgramData]
2017-09-07 18:43 Auslogics
2015-11-28 20:34 Dane aplikacji [C:\ProgramData]
2009-07-14 07:08 Desktop [C:\Users\Public\Desktop]
2009-07-14 07:08 Documents [C:\Users\Public\Documents]
2015-11-28 20:34 Dokumenty [C:\Users\Public\Documents]
2009-07-14 07:08 Favorites [C:\Users\Public\Favorites]
2016-10-08 20:53 GRETECH
2017-08-28 21:49 Logishrd
2015-11-28 20:34 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu]
2016-10-24 20:36 Microsoft
2017-05-08 21:37 Microsoft Help
2017-08-14 18:34 NVIDIA
2016-01-08 21:43 NVIDIA Corporation
2016-01-06 15:40 Panda Security
2015-11-28 20:34 Pulpit [C:\Users\Public\Desktop]
2016-01-08 20:30 RoboForm
2016-07-31 20:06 Samsung
2009-07-14 07:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
2015-11-28 20:34 Szablony [C:\ProgramData\Microsoft\Windows\Templates]
2009-07-14 07:08 Templates [C:\ProgramData\Microsoft\Windows\Templates]
2015-11-28 20:34 Ulubione [C:\Users\Public\Favorites]
2018-04-17 15:02 VMware
               0 plik(ów)             0 bajtów
              26 katalog(ów)  8 995 561 472 bajtów wolnych

========= Koniec CMD: =========

========= dir /a C:\Users\Domek\AppData\Local =========

 Wolumin w stacji C to W7_U2
 Numer seryjny woluminu: 8E66-1666

 Katalog: C:\Users\Domek\AppData\Local

2018-04-16 11:00 .
2018-04-16 11:00 ..
2018-03-18 08:07 Adobe
2016-05-25 14:43 CEF
2015-11-28 20:34 Dane aplikacji [C:\Users\Domek\AppData\Local]
2018-04-16 11:00 109 312 GDIPFONTCACHEV1.DAT
2016-11-04 08:05 Google
2015-11-28 20:34 Historia [C:\Users\Domek\AppData\Local\Microsoft\Windows\History]
2018-04-17 07:50 13 646 336 IconCache.db
2016-01-09 14:49 Macromedia
2016-07-14 14:23 Microsoft
2017-08-02 22:13 Microsoft Games
2016-07-14 14:17 Microsoft Help
2017-04-17 18:13 MiPhoneManager
2015-11-29 11:36 Mozilla
2015-11-28 21:14 NeoSmart_Technologies
2016-07-26 18:00 NVIDIA
2016-06-25 19:34 Opera
2018-04-12 22:17 Opera Software
2016-07-14 13:36 PCHealth
2016-01-09 14:28 Programs
2017-08-15 08:17 7 627 Resmon.ResmonCfg
2018-02-04 18:29 SIGMA
2017-02-01 20:33 Smellyriver
2018-04-12 23:40 temp
2015-11-28 20:34 Temporary Internet Files [C:\Users\Domek\AppData\Local\Microsoft\Windows\Temporary Internet Files]
2016-01-08 21:56 VirtualStore
2016-02-14 18:25 VMware
               3 plik(ów)    13 763 275 bajtów
              25 katalog(ów)  8 995 561 472 bajtów wolnych

========= Koniec CMD: =========

========= dir /a C:\Users\Domek\AppData\LocalLow =========

 Wolumin w stacji C to W7_U2
 Numer seryjny woluminu: 8E66-1666

 Katalog: C:\Users\Domek\AppData\LocalLow

2016-09-06 17:53 .
2016-09-06 17:53 ..
2016-01-09 20:16 Google
2016-01-12 19:17 Microsoft
2016-01-08 20:30 Siber Systems
2017-06-01 23:17 Temp
               0 plik(ów)             0 bajtów
               6 katalog(ów)  8 995 565 568 bajtów wolnych

========= Koniec CMD: =========

========= dir /a C:\Users\Domek\AppData\Roaming =========

 Wolumin w stacji C to W7_U2
 Numer seryjny woluminu: 8E66-1666

 Katalog: C:\Users\Domek\AppData\Roaming

2018-04-12 23:42 .
2018-04-12 23:42 ..
2018-03-02 22:21 Adobe
2018-03-02 22:23 e-Deklaracje
2018-03-02 22:23 e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1
2016-07-15 15:03 272 ex_log.txt
2018-04-12 20:21 FastDataX
2016-06-04 17:21 FastStone
2016-10-08 20:51 GRETECH
2015-11-28 20:35 Identities
2017-07-13 20:04 Logishrd
2017-07-13 20:00 Logitech
2016-01-09 14:49 Macromedia
2009-07-14 20:09 Media Center Programs
2017-04-11 18:18 Microsoft
2017-06-28 20:08 Mikrotik
2015-11-28 21:20 Mozilla
2016-08-05 19:21 Notepad++
2017-09-07 11:10 NVIDIA
2016-06-25 19:34 Opera
2018-04-12 22:17 Opera Software
2016-01-06 15:40 Panda Security
2017-07-13 20:02 sp6_log
2018-04-16 09:18 Telegram Desktop
2016-02-14 18:25 VMware
2016-01-08 22:20 Wargaming.net
2016-01-06 16:28 WinRAR
2018-04-16 10:57 Wise Disk Cleaner
2017-04-16 19:55 Xiaomi
2016-10-05 18:57 XnView
               1 plik(ów)           272 bajtów
              29 katalog(ów)  8 995 561 472 bajtów wolnych

========= Koniec CMD: =========

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========

========= Koniec Powershell: =========

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25303523 B
Java, Flash, Steam htmlcache => 510 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 135241993 B
Firefox => 27492235 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
systemprofile32 => 823 B
LocalService => 290 B
NetworkService => 290 B
Domek => 4504954 B
UpdatusUser => 0 B
RecycleBin => 0 B
EmptyTemp: => 183.7 MB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 23:20:12 ====