Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 02.08.2018
Uruchomiony przez kryst (11-08-2018 17:05:59) Run:1
Uruchomiony z C:\Users\kryst\Desktop
Załadowane profile: kryst (Dostępne profile: kryst)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CloseProcesses:
CreateRestorePoint:
EmptyTemp:
VirusTotal: C:\Users\kryst\AppData\Roaming\auEUTuuyYf.exe
HKU\S-1-5-21-3365352445-2847475061-7724402-1001\...\MountPoints2: {e92d4d14-85fc-11e8-9308-9822efd17fda} - "H:\setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2018-07-13]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (Brak pliku)
Tcpip\..\Interfaces\{9554b0dd-7245-4f2a-b5f5-fa3b0d44ac37}: [DhcpNameServer] 150.213.1.3
Tcpip\..\Interfaces\{fbf5796f-c0d2-4471-8923-c3ed12624223}: [DhcpNameServer] 192.168.0.1
2018-04-12 01:34 - 2018-04-12 01:34 - 000178688 ____N (Microsoft Corporation) C:\Users\kryst\AppData\Roaming\auEUTuuyYf.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
Task: {5FE9D80C-36E3-40CF-BDEC-32DB4168CBC3} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
Task: {6CDFA924-E534-4F21-BD7E-12182156D824} - System32\Tasks\{0415EB58-6298-1908-CE83-1C7CDFA0EA49} => "C:\Program Files\Mozilla Firefox\firefox.exe" hxxp://first-news.org/cl/?guid=dwrqmwhrkrco82i5wjwmv5h0sz34tcwx&prid=1&pid=4_1324_0
Task: {BC963068-45DA-4EE5-B5A4-03A2566B0418} - System32\Tasks\{E0F31E62-2061-5959-34DD-DD32C558C1BD} => C:\WINDOWS\TUReUuSj.exe [2018-04-12] (Microsoft Corporation)
Task: {EB64B78C-2B8C-4029-BDDA-945F3DD4DBEB} - System32\Tasks\{1209305D-92E7-7041-7D26-3B779D3ECF62} => C:\WINDOWS\YJaGdw.exe [2018-04-12] (Microsoft Corporation)
C:\Users\kryst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo App Explorer.lnk
FilesInDirectory: C:\Users\kryst\AppData\Local\*.exe;*.dll;*.ini
FilesInDirectory: C:\Users\kryst\AppData\Roaming\*.exe;*.dll;*.ini
FilesInDirectory: C:\WINDOWS\*.exe
*****************

Procesy zostały pomyślnie zamknięte.
Punkt przywracania został pomyślnie utworzony.
VirusTotal: C:\Users\kryst\AppData\Roaming\auEUTuuyYf.exe => https://www.virustotal.com/file/ffabee87d6e0159ab95b73a367499dbe9689f887fe23b5919ef86095f3b930aa/analysis/1533920182/
"HKU\S-1-5-21-3365352445-2847475061-7724402-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e92d4d14-85fc-11e8-9308-9822efd17fda}" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{e92d4d14-85fc-11e8-9308-9822efd17fda} => nie znaleziono
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk => pomyślnie przeniesiono
"ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (Brak pliku)" => nie znaleziono
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9554b0dd-7245-4f2a-b5f5-fa3b0d44ac37}\\DhcpNameServer" => pomyślnie usunięto
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fbf5796f-c0d2-4471-8923-c3ed12624223}\\DhcpNameServer" => pomyślnie usunięto
C:\Users\kryst\AppData\Roaming\auEUTuuyYf.exe => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => nie znaleziono
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => nie znaleziono
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => nie znaleziono
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => nie znaleziono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FE9D80C-36E3-40CF-BDEC-32DB4168CBC3}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FE9D80C-36E3-40CF-BDEC-32DB4168CBC3}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\LenovoUtility Task => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LenovoUtility Task" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CDFA924-E534-4F21-BD7E-12182156D824}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CDFA924-E534-4F21-BD7E-12182156D824}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\{0415EB58-6298-1908-CE83-1C7CDFA0EA49} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0415EB58-6298-1908-CE83-1C7CDFA0EA49}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BC963068-45DA-4EE5-B5A4-03A2566B0418}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC963068-45DA-4EE5-B5A4-03A2566B0418}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\{E0F31E62-2061-5959-34DD-DD32C558C1BD} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E0F31E62-2061-5959-34DD-DD32C558C1BD}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB64B78C-2B8C-4029-BDDA-945F3DD4DBEB}" => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB64B78C-2B8C-4029-BDDA-945F3DD4DBEB}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\{1209305D-92E7-7041-7D26-3B779D3ECF62} => pomyślnie przeniesiono
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1209305D-92E7-7041-7D26-3B779D3ECF62}" => pomyślnie usunięto
C:\Users\kryst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo App Explorer.lnk => pomyślnie przeniesiono

========================= FilesInDirectory: C:\Users\kryst\AppData\Local\*.exe;*.dll;*.ini ========================

2018-08-09 20:42 - 2018-08-09 20:42 - 000000002 ____A [23B58DEF11B45727D3351702515F86AF] () C:\Users\kryst\AppData\Local\imw.ini

====== Koniec Filesindirectory ======

========================= FilesInDirectory: C:\Users\kryst\AppData\Roaming\*.exe;*.dll;*.ini ========================

====== Koniec Filesindirectory ======

========================= FilesInDirectory: C:\WINDOWS\*.exe ========================

2018-04-12 01:34 - 2018-04-12 01:34 - 000067072 ____A [178BA90AA13F6F834E5C060DC923FB55] (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2018-07-13 19:02 - 2018-07-13 19:02 - 003932672 ____A [E4A81EDDFF8B844D85C8B45354E4144E] (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-07-13 19:02 - 2018-07-13 19:02 - 001054720 ____A [FFD31D96B8D4BAB8B0F83E42B7430A54] (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000017920 ____A [A50C9DF7603E2F1AEA6B54053794A326] (Microsoft Corporation) C:\WINDOWS\hh.exe
2018-07-13 18:26 - 2018-07-13 18:26 - 000245760 ____A [9512E1CC66A1D36FEB0A290CAB09087B] (Microsoft Corporation) C:\WINDOWS\notepad.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000336384 ____A [AC91328EE5CFFBD695CE912F75F876F6] (Microsoft Corporation) C:\WINDOWS\regedit.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000130560 ____A [8D59B31FF375059E3C32B17BF31A76D5] (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N [12C17B5A5C2A7B97342C362CA467E9A2] (Microsoft Corporation) C:\WINDOWS\TUReUuSj.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000011776 ____A [EE1F0DE1ED3E8A5BF080B3497049969E] (Microsoft Corporation) C:\WINDOWS\winhlp32.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000011264 ____A [5266C61652051E9EF3A4D199001F6B17] (Microsoft Corporation) C:\WINDOWS\write.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N [12C17B5A5C2A7B97342C362CA467E9A2] (Microsoft Corporation) C:\WINDOWS\YJaGdw.exe

====== Koniec Filesindirectory ======

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12625887 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 383802979 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1822 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
kryst => 53138 B

RecycleBin => 245735 B
EmptyTemp: => 385.4 MB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 17:08:22 ====