Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 01.09.2018 03 Uruchomiony przez Mati (03-09-2018 18:42:20) Run:1 Uruchomiony z C:\Users\Mati\Desktop Załadowane profile: Mati & (Dostępne profile: Mati) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico 2018-08-31 22:26 - 2018-05-21 22:50 - 000000000 ____D C:\Program Files\KMSpico Task: {1267C18C-FA97-4085-872A-60F238D8F8D1} - \AutoPico Daily Restart -> Brak pliku <==== UWAGA Task: {628E8252-0762-46AF-B50E-B881F2D9E6DB} - \Mati -> Brak pliku <==== UWAGA Task: {03FD7A8C-4F9C-4FB8-999A-9083B6708C8C} - System32\Tasks\{419F0E51-6D64-4A75-ABE7-B0369D4FED27} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\MonitorDriver\vcredist_x64.exe" -d "C:\Program Files (x86)\MonitorDriver" Task: {CD896D3E-7CC6-458B-AAB7-6E2BD2482FAA} - System32\Tasks\{0C588318-2488-414F-94BE-3F992E531751} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\MonitorDriver\MonSetupXP64.exe" -d "C:\Program Files (x86)\MonitorDriver" HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-3102395202-1640753785-1171503364-1000\...\MountPoints2: F - F:\autorun.exe HKU\S-1-5-21-3102395202-1640753785-1171503364-1000\...\MountPoints2: {84f78eca-5f43-11e8-960d-4c0010244ca3} - D:\SETUP.EXE HKU\S-1-5-21-3102395202-1640753785-1171503364-1000\...\MountPoints2: {9e017fbe-0a5b-11e8-abfe-4c0010244ca3} - H:\autorun.exe HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = FF Extension: (Web Security) - C:\Users\Mati\AppData\Roaming\Mozilla\Firefox\Profiles\rovw4ve6.default-1513156938396\Extensions\contact@web-security.com.xpi [2018-04-08] FF Extension: (Browser Security) - C:\Users\Mati\AppData\Roaming\Mozilla\Firefox\Profiles\rovw4ve6.default-1513156938396\Extensions\firefox@browser-security.de.xpi [2018-02-12] DeleteKey: HKLM\SOFTWARE\Google Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico" => nie znaleziono C:\Program Files\KMSpico => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1267C18C-FA97-4085-872A-60F238D8F8D1}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1267C18C-FA97-4085-872A-60F238D8F8D1}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{628E8252-0762-46AF-B50E-B881F2D9E6DB}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{628E8252-0762-46AF-B50E-B881F2D9E6DB}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mati" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03FD7A8C-4F9C-4FB8-999A-9083B6708C8C}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03FD7A8C-4F9C-4FB8-999A-9083B6708C8C}" => pomyślnie usunięto C:\Windows\System32\Tasks\{419F0E51-6D64-4A75-ABE7-B0369D4FED27} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{419F0E51-6D64-4A75-ABE7-B0369D4FED27}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD896D3E-7CC6-458B-AAB7-6E2BD2482FAA}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD896D3E-7CC6-458B-AAB7-6E2BD2482FAA}" => pomyślnie usunięto C:\Windows\System32\Tasks\{0C588318-2488-414F-94BE-3F992E531751} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0C588318-2488-414F-94BE-3F992E531751}" => pomyślnie usunięto "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => pomyślnie usunięto "HKU\S-1-5-21-3102395202-1640753785-1171503364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => pomyślnie usunięto "HKU\S-1-5-21-3102395202-1640753785-1171503364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84f78eca-5f43-11e8-960d-4c0010244ca3}" => pomyślnie usunięto HKLM\Software\Classes\CLSID\{84f78eca-5f43-11e8-960d-4c0010244ca3} => nie znaleziono "HKU\S-1-5-21-3102395202-1640753785-1171503364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e017fbe-0a5b-11e8-abfe-4c0010244ca3}" => pomyślnie usunięto HKLM\Software\Classes\CLSID\{9e017fbe-0a5b-11e8-abfe-4c0010244ca3} => nie znaleziono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => Wartość pomyślnie przywrócono C:\Users\Mati\AppData\Roaming\Mozilla\Firefox\Profiles\rovw4ve6.default-1513156938396\Extensions\contact@web-security.com.xpi => pomyślnie przeniesiono C:\Users\Mati\AppData\Roaming\Mozilla\Firefox\Profiles\rovw4ve6.default-1513156938396\Extensions\firefox@browser-security.de.xpi => pomyślnie przeniesiono "HKLM\SOFTWARE\Google" => pomyślnie usunięto ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} ========= ========= Koniec Powershell: ========= =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14999269 B Java, Flash, Steam htmlcache => 6990 B Windows/system/drivers => 278805958 B Edge => 0 B Chrome => 0 B Firefox => 398894783 B Opera => 0 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 16802 B systemprofile32 => 66356 B LocalService => 0 B NetworkService => 59884 B Mati => 960033881 B Kasia => 370916 B RecycleBin => 3681851912 B EmptyTemp: => 5 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 18:45:45 ====