Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 20.06.2018
Uruchomiony przez Maciej (04-07-2018 18:41:59) Run:1
Uruchomiony z I:\frst
Załadowane profile: Maciej (Dostępne profile: Maciej)
Tryb startu: Safe Mode (minimal)
==============================================

fixlist - zawartość:
*****************
Task: {CFEB0C65-7FEB-45CD-8642-86BC616FDBC7} - System32\Tasks\{3FDC1824-3026-495B-BC62-77E31147E60A} => C:\Users\Maciej\yYukFsGwNOUoa.exe [2014-10-29] (Microsoft Corporation)
C:\Users\Maciej\yYukFsGwNOUoa.exe
Task: {F12EC1A1-6099-436E-AFE7-DF0FBB3DD354} - System32\Tasks\{0D265E38-20B4-4EBF-A70E-5FE20DD28981} => C:\Program Files (x86)\Common Files\gedEFEe.exe [2014-10-29] (Microsoft Corporation)
C:\Program Files (x86)\Common Files\gedEFEe.exe
RemoveDirectory: C:\ProgramData\{13EED68D-99AC-5C4B-1F6A-C209852849C7}
C:\Users\Maciej\AppData\Local\ManaQamwjuiX.exe
Task: {3177EB92-E06D-4067-B4C3-BEB393FE0908} - System32\Tasks\okko => C:\Windows\System32\cmd.exe shutdown -s
Task: {43F13606-F47C-4C46-BFA1-AE75B7FF31CC} - System32\Tasks\hgghiu => shutdown [Argument = -s]
Task: {C830582F-4382-4893-A699-239760D402DC} - \Chromium maned -> Brak pliku <==== UWAGA
Task: {F07D3795-087D-48A6-829C-BDDBCABAE825} - System32\Tasks\aa => shutdown [Argument = -s]
Task: C:\Windows\Tasks\Chromium maned.job => C:\Windows\system32\wscript.ex C:\ProgramData\{13EED68D-99AC-5C4B-1F6A-C209852849C7}\calo.txt <==== UWAGA
FirewallRules: [TCP Query User{EC1539F7-F01F-432E-846B-A4153823EC95}C:\users\maciej\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\maciej\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{74BEC7F9-A4A4-4126-B527-BB2822513C87}C:\users\maciej\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\maciej\appdata\local\akamai\netsession_win.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-338279554-2149266489-842227458-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Maciej\AppData\Local\Akamai\netsession_win.exe [4586456 2018-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-338279554-2149266489-842227458-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-338279554-2149266489-842227458-1001\...\Policies\Explorer: []
HKU\S-1-5-21-338279554-2149266489-842227458-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2755504 2016-08-27] (Microsoft Corporation) <==== UWAGA
Startup: C:\Users\Maciej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs [2017-11-14] ()
GroupPolicy: Ograniczenia ? <==== UWAGA
FF Homepage: Mozilla\Firefox\Profiles\fya289w0.default -> hxxps://pl.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10437__180325__yaff
FF NewTab: Mozilla\Firefox\Profiles\fya289w0.default -> hxxps://pl.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10437__180325__yaff
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]
S3 X6va063; \??\C:\Windows\SysWOW64\Drivers\X6va063 [X]
C:\Users\Maciej\Documents\Inventor\Interactive Tutorials.ipj.lnk
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFEB0C65-7FEB-45CD-8642-86BC616FDBC7}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFEB0C65-7FEB-45CD-8642-86BC616FDBC7}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{3FDC1824-3026-495B-BC62-77E31147E60A} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3FDC1824-3026-495B-BC62-77E31147E60A}" => pomyślnie usunięto
C:\Users\Maciej\yYukFsGwNOUoa.exe => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F12EC1A1-6099-436E-AFE7-DF0FBB3DD354}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F12EC1A1-6099-436E-AFE7-DF0FBB3DD354}" => pomyślnie usunięto
C:\Windows\System32\Tasks\{0D265E38-20B4-4EBF-A70E-5FE20DD28981} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0D265E38-20B4-4EBF-A70E-5FE20DD28981}" => pomyślnie usunięto
C:\Program Files (x86)\Common Files\gedEFEe.exe => pomyślnie przeniesiono
"C:\ProgramData\{13EED68D-99AC-5C4B-1F6A-C209852849C7}" => pomyślnie usunięto
C:\Users\Maciej\AppData\Local\ManaQamwjuiX.exe => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3177EB92-E06D-4067-B4C3-BEB393FE0908}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3177EB92-E06D-4067-B4C3-BEB393FE0908}" => pomyślnie usunięto
C:\Windows\System32\Tasks\okko => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\okko" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43F13606-F47C-4C46-BFA1-AE75B7FF31CC}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43F13606-F47C-4C46-BFA1-AE75B7FF31CC}" => pomyślnie usunięto
C:\Windows\System32\Tasks\hgghiu => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hgghiu" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C830582F-4382-4893-A699-239760D402DC}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C830582F-4382-4893-A699-239760D402DC}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chromium maned" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F07D3795-087D-48A6-829C-BDDBCABAE825}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F07D3795-087D-48A6-829C-BDDBCABAE825}" => pomyślnie usunięto
C:\Windows\System32\Tasks\aa => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\aa" => pomyślnie usunięto
C:\Windows\Tasks\Chromium maned.job => pomyślnie przeniesiono
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EC1539F7-F01F-432E-846B-A4153823EC95}C:\users\maciej\appdata\local\akamai\netsession_win.exe" => pomyślnie usunięto
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{74BEC7F9-A4A4-4126-B527-BB2822513C87}C:\users\maciej\appdata\local\akamai\netsession_win.exe" => pomyślnie usunięto
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => pomyślnie usunięto
"HKU\S-1-5-21-338279554-2149266489-842227458-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface" => pomyślnie usunięto
"HKU\S-1-5-21-338279554-2149266489-842227458-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient" => pomyślnie usunięto
"HKU\S-1-5-21-338279554-2149266489-842227458-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => pomyślnie usunięto
"HKU\S-1-5-21-338279554-2149266489-842227458-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => pomyślnie usunięto
C:\Users\Maciej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.vbs => pomyślnie przeniesiono
C:\Windows\system32\GroupPolicy\Machine => pomyślnie przeniesiono
C:\Windows\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono
"Firefox homepage" => pomyślnie usunięto
"Firefox newtab" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\nvvhci" => pomyślnie usunięto
nvvhci => serwis pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\X6va063" => pomyślnie usunięto
X6va063 => serwis pomyślnie usunięto
C:\Users\Maciej\Documents\Inventor\Interactive Tutorials.ipj.lnk => pomyślnie przeniesiono

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========

========= Koniec Powershell: =========

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 83703093 B
Java, Flash, Steam htmlcache => 121129274 B
Windows/system/drivers => 7201113 B
Edge => 0 B
Chrome => 272941742 B
Firefox => 23763039 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 8222 B
NetworkService => 0 B
Maciej => 748680232 B
.NET v4.5 => 0 B
DefaultAppPool => 0 B
.NET v4.5 Classic => 0 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 18:42:17 ====