Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 08-05-2022 Uruchomiony przez Kuba (09-05-2022 18:26:06) Run:1 Uruchomiony z C:\Users\TEMP\Downloads Załadowane profile: Kuba i Michał & Kuba Tryb startu: Safe Mode (with Networking) ============================================== fixlist - zawartość: ***************** Reg: reg query HKLM\SYSTEM\CurrentControlSet\services\VSS /s BHO-x32: Brak nazwy -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> Brak pliku HKLM\...\Run: [jv16 PT 2017 (Startup Optimizer)] => "C:\Program Files (x86)\jv16 PowerTools 2017\jv16pt_PreWorker2.exe" /StartupOptimizer /PT:"C:\Program Files (x86)\jv16 PowerTools 2017\" (Brak pliku) HKLM\...\Run: [EasySettingBox] => [X] HKLM-x32\...\Run: [EasySettingBox] => [X] GroupPolicy: Ograniczenia ? <==== UWAGA Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA Task: {0AF63F2E-DDA7-4872-AA7D-BCACA31ED565} - System32\Tasks\Microsoft\Windows\rempl\shell-compact => C:\Program Files\rempl\remsh.exe /RunCompactOnly (Brak pliku) Task: {42C00987-0598-4731-82FF-9F6A7205E190} - System32\Tasks\e-pity2015a_kwiecien => D:\Program Files (x86)\e-file\e-pity2015\Assets\signxml.exe notify 2 01.05.2017 (Brak pliku) Task: {62272503-65DA-4375-9C2D-F603ABEDA6FE} - System32\Tasks\Microsoft\Windows\rempl\shell-restore => C:\Program Files\rempl\remsh.exe /RunRestoreHealthOnly (Brak pliku) Task: {6F3BD5E7-9DE8-45E5-9F4C-4137796F4B5F} - System32\Tasks\e-pity2015a_styczen => D:\Program Files (x86)\e-file\e-pity2015\Assets\signxml.exe notify 1 31.01.2017 (Brak pliku) Task: {760C271A-834C-4D52-8893-10F6E13D8BE8} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\remsh.exe (Brak pliku) Task: {89587F1E-E580-49C9-A078-7F26205D38F1} - System32\Tasks\e-pity2016a_kwiecien => D:\Program Files (x86)\e-file\e-pity\Assets\signxml.exe notify 2 30.04.2018 (Brak pliku) Task: {A929299C-2B91-4B02-B218-28B8D119FBC1} - 
System32\Tasks\Microsoft\Windows\rempl\shell-maintenance => C:\Program Files\rempl\remsh.exe /RunMaintenanceTasksOnly (Brak pliku) Task: {CD27C972-1565-41AA-9AC1-813026D733B8} - System32\Tasks\e-pity2016a_styczen => D:\Program Files (x86)\e-file\e-pity\Assets\signxml.exe notify 1 31.01.2018 (Brak pliku) Task: {FB142FBE-BF2F-4B3B-90D0-D8E9A6EA53FD} - System32\Tasks\{7D2414B5-D972-4614-A9C3-7B88371A4590} => E:\Torrenty\Trackmania\Trackmania.Turbo-P2P\Play TrackmaniaTurbo.exe (Brak pliku) S3 gkernel; \??\C:\Users\KUBAIM~1\AppData\Local\Temp\gkernel.sys [X] <==== UWAGA S3 GPU-Z; \??\C:\Users\KUBAIM~1\AppData\Local\Temp\GPU-Z.sys [X] <==== UWAGA Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} EmptyTemp: ***************** ========= reg query HKLM\SYSTEM\CurrentControlSet\services\VSS /s ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS DisplayName REG_SZ @%systemroot%\system32\vssvc.exe,-102 ErrorControl REG_DWORD 0x1 ImagePath REG_EXPAND_SZ %systemroot%\system32\vssvc.exe Start REG_DWORD 0x3 Type REG_DWORD 0x10 Description REG_SZ @%systemroot%\system32\vssvc.exe,-101 DependOnService REG_MULTI_SZ RPCSS ObjectName REG_SZ LocalSystem ServiceSidType REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SPP SppGetSnapshots (Enter) REG_BINARY 480000000000000075168E76AE63D801501A0000101A0000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 SppGetSnapshots (Leave) REG_BINARY 4800000000000000F6789076AE63D801501A0000101A0000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000 SppEnumGroups (Enter) REG_BINARY 4800000000000000F6789076AE63D801501A0000101A0000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 SppEnumGroups (Leave) REG_BINARY 
4800000000000000F6789076AE63D801501A0000101A0000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap Volume{05f08a55-0283-11e6-a3cf-806e6f6e6963}DiscoverSnapshots (Enter) REG_BINARY 480000000000000002FA05EFAC63D8010000000000000000200000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Volume{05f08a55-0283-11e6-a3cf-806e6f6e6963}DiscoverSnapshots (Leave) REG_BINARY 480000000000000002FA05EFAC63D8010000000000000000210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Volume{c173d7ef-0000-0000-0050-3e4c13000000}DiscoverSnapshots (Enter) REG_BINARY 4800000000000000716D0CEFAC63D8010000000000000000200000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Volume{c173d7ef-0000-0000-0050-3e4c13000000}DiscoverSnapshots (Leave) REG_BINARY 4800000000000000716D0CEFAC63D8010000000000000000210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 VolumesSafeForWrite (Enter) REG_BINARY 4800000000000000753213F2AC63D80100000000000000001E0000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000 VolumesSafeForWrite (Leave) REG_BINARY 480000000000000024F636F2AC63D80100000000000000001F0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssapiPublisher HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5} (Default) REG_SZ Microsoft Software Shadow Copy provider 1.0 Type REG_DWORD 0x1 Version REG_SZ 1.0.0.7 VersionId REG_SZ {00000001-0000-0000-0007-000000000001} 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\CLSID (Default) REG_SZ {65EE1DBA-8FF4-4a58-AC1C-3470EE2F376A} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings\WritersBlockingRevert TornComponentsBlockRevert REG_DWORD 0x1 {2707761B-2324-473D-88EB-EB007A359533} REG_SZ DFS-R Writer {B2014C9E-8711-4C5C-A5A9-3CF384484757} REG_SZ AD Writer {D76F5A28-3092-4589-BA48-2958FB88CE29} REG_SZ FRS Writer {DD846AAA-A1B6-42a8-AAF8-03DCB6114BFD} REG_SZ ADAM Writer HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\VssAccessControl NT Authority\NetworkService REG_DWORD 0x1 ========= Koniec Reg: ========= HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => pomyślnie usunięto HKLM\Software\Wow6432Node\Classes\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => pomyślnie usunięto "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\jv16 PT 2017 (Startup Optimizer)" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EasySettingBox" => pomyślnie usunięto "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\EasySettingBox" => pomyślnie usunięto C:\WINDOWS\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\WINDOWS\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono C:\ProgramData\NTUSER.pol => pomyślnie przeniesiono HKLM\SOFTWARE\Policies\Mozilla => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AF63F2E-DDA7-4872-AA7D-BCACA31ED565}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AF63F2E-DDA7-4872-AA7D-BCACA31ED565}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Microsoft\Windows\rempl\shell-compact => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\rempl\shell-compact" => pomyślnie usunięto HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42C00987-0598-4731-82FF-9F6A7205E190} => pomyślnie usunięto HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42C00987-0598-4731-82FF-9F6A7205E190} => pomyślnie usunięto C:\WINDOWS\System32\Tasks\e-pity2015a_kwiecien => pomyślnie przeniesiono HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e-pity2015a_kwiecien => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62272503-65DA-4375-9C2D-F603ABEDA6FE}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62272503-65DA-4375-9C2D-F603ABEDA6FE}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Microsoft\Windows\rempl\shell-restore => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\rempl\shell-restore" => pomyślnie usunięto HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F3BD5E7-9DE8-45E5-9F4C-4137796F4B5F} => pomyślnie usunięto HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F3BD5E7-9DE8-45E5-9F4C-4137796F4B5F} => pomyślnie usunięto C:\WINDOWS\System32\Tasks\e-pity2015a_styczen => pomyślnie przeniesiono HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e-pity2015a_styczen => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{760C271A-834C-4D52-8893-10F6E13D8BE8}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{760C271A-834C-4D52-8893-10F6E13D8BE8}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Microsoft\Windows\rempl\shell => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\rempl\shell" => 
pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89587F1E-E580-49C9-A078-7F26205D38F1}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89587F1E-E580-49C9-A078-7F26205D38F1}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\e-pity2016a_kwiecien => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e-pity2016a_kwiecien" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A929299C-2B91-4B02-B218-28B8D119FBC1}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A929299C-2B91-4B02-B218-28B8D119FBC1}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\Microsoft\Windows\rempl\shell-maintenance => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\rempl\shell-maintenance" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD27C972-1565-41AA-9AC1-813026D733B8}" => pomyślnie usunięto "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD27C972-1565-41AA-9AC1-813026D733B8}" => pomyślnie usunięto C:\WINDOWS\System32\Tasks\e-pity2016a_styczen => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e-pity2016a_styczen" => pomyślnie usunięto HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB142FBE-BF2F-4B3B-90D0-D8E9A6EA53FD} => pomyślnie usunięto HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB142FBE-BF2F-4B3B-90D0-D8E9A6EA53FD} => pomyślnie usunięto C:\WINDOWS\System32\Tasks\{7D2414B5-D972-4614-A9C3-7B88371A4590} => pomyślnie przeniesiono HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7D2414B5-D972-4614-A9C3-7B88371A4590} => pomyślnie usunięto 
HKLM\System\CurrentControlSet\Services\gkernel => pomyślnie usunięto gkernel => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\GPU-Z => pomyślnie usunięto GPU-Z => serwis pomyślnie usunięto ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} ========= wevtutil : Failed to clear log DebugChannel. Nie można wykonać żądanej operacji na włączonym kanale bezpośrednim. Przed wykonaniem żądanej operacji należy wyłączyć ten kanał. At C:\FRST\tmp.ps1:1 char:31 + wevtutil el | Foreach-Object {wevtutil cl "$_"} + ~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (Failed to clear...czyć ten kanał.:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError wevtutil : Failed to clear log Microsoft-RMS-MSIPC/Debug. Przekazana nazwa wystąpienia nie została uznana przez dostawcę danych WMI za prawidłową. At C:\FRST\tmp.ps1:1 char:31 + wevtutil el | Foreach-Object {wevtutil cl "$_"} + ~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (Failed to clear... za prawidłową.:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError wevtutil : Failed to clear log Microsoft-Windows-LiveId/Analytic. Odmowa dostępu. At C:\FRST\tmp.ps1:1 char:31 + wevtutil el | Foreach-Object {wevtutil cl "$_"} + ~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (Failed to clear...Odmowa dostępu.:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError wevtutil : Failed to clear log Microsoft-Windows-LiveId/Operational. Odmowa dostępu.
At C:\FRST\tmp.ps1:1 char:31 + wevtutil el | Foreach-Object {wevtutil cl "$_"} + ~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (Failed to clear...Odmowa dostępu.:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError ========= Koniec Powershell: ========= =========== EmptyTemp: ========== BITS transfer queue => 3613488 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5258264 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 3336504 B Edge => 0 B Chrome => 39114682 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 256 B LocalService => 15078 B NetworkService => 921158 B Kuba i Michał => 106130562 B TEMP => 106222057 B Kuba => 106222057 B Michał => 106222057 B DefaultAppPool => 106222057 B RecycleBin => 0 B EmptyTemp: => 556.3 MB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 18:27:31 ====