Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 20.06.2018 Uruchomiony przez Czechu (25-06-2018 23:01:17) Run:1 Uruchomiony z C:\Users\Czechu\Desktop Załadowane profile: Czechu (Dostępne profile: Czechu) Tryb startu: Safe Mode (minimal) ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: EmptyTemp: VirusTotal: C:\Users\Czechu\AppData\Roaming\kUIDi.exe VirusTotal: C:\Users\Czechu\AppData\Local\IUVHXR.exe HKU\S-1-5-21-3555358023-88972687-1571437051-1000\...\MountPoints2: {0dc186fa-29e0-11e8-b274-d43d7eb58242} - F:\LaunchU3.exe -a HKU\S-1-5-21-3555358023-88972687-1571437051-1000\...\MountPoints2: {c48d2ee7-34d7-11e8-a4b9-d43d7eb58242} - H:\HiSuiteDownLoader.exe ShortcutTarget: Wysyłanie do programu OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Brak pliku) CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx U3 aswbdisk; Brak ImagePath S3 VGPU; System32\drivers\rdvgkmd.sys [X] 2009-07-14 03:14 - 2009-07-14 03:14 - 000073216 ____N (Microsoft Corporation) C:\Users\Czechu\AppData\Roaming\kUIDi.exe 2009-07-14 03:14 - 2009-07-14 03:14 - 000186368 ____N (Microsoft Corporation) C:\Users\Czechu\AppData\Roaming\wYOrcuvaCi.exe 2009-07-14 03:14 - 2009-07-14 03:14 - 000073216 ____N (Microsoft Corporation) C:\Users\Czechu\AppData\Local\IUVHXR.exe ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku Task: {3A6D6BB0-E7A7-4B47-B1B8-98223ED4F8F1} - System32\Tasks\{6F52DC6F-0B79-407B-AEC5-F772A0167450} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\ Task: {AC325AA8-16E4-4C1B-9C15-CBB627A18925} - System32\Tasks\{699A13EA-880E-4A62-96B8-07FB00350EC8} => C:\Windows\system32\pcalua.exe -a "D:\Program Files (x86)\Deluxe Ski Jump 4\Setup.exe" -d "D:\Program Files (x86)\Deluxe Ski Jump 4" Task: {FCF8B1FC-75AF-4C00-95F1-5D97830F72DE} - 
System32\Tasks\{059748B7-8D11-4CD7-A79C-9FFBD77F39AC} => C:\Users\Czechu\AppData\Roaming\kUIDi.exe [2009-07-14] (Microsoft Corporation) <==== UWAGA AlternateDataStreams: C:\Users\Public\AppData:CSM [464] FirewallRules: [{F151B55E-E05F-4747-AADF-854BF6BA99A9}] => (Allow) C:\Users\Czechu\AppData\Roaming\kUIDi.exe FirewallRules: [{7CB47AAF-9259-4A46-85F8-6F697D0607F5}] => (Allow) C:\Users\Czechu\AppData\Local\IUVHXR.exe CMD: dir /a "C:\Users\Czechu\AppData\Roaming" CMD: dir /a "C:\Users\Czechu\AppData\Local" ***************** Procesy zostały pomyślnie zamknięte. Błąd: Punkt przywracania można utworzyć tylko w trybie normalnym. VirusTotal: C:\Users\Czechu\AppData\Roaming\kUIDi.exe => (3) Błąd VirusTotal: C:\Users\Czechu\AppData\Local\IUVHXR.exe => (3) Błąd "HKU\S-1-5-21-3555358023-88972687-1571437051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dc186fa-29e0-11e8-b274-d43d7eb58242}" => pomyślnie usunięto HKLM\Software\Classes\CLSID\{0dc186fa-29e0-11e8-b274-d43d7eb58242} => nie znaleziono "HKU\S-1-5-21-3555358023-88972687-1571437051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c48d2ee7-34d7-11e8-a4b9-d43d7eb58242}" => pomyślnie usunięto HKLM\Software\Classes\CLSID\{c48d2ee7-34d7-11e8-a4b9-d43d7eb58242} => nie znaleziono "C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE" => nie znaleziono "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gannpgaobkkhmpomoijebaigcapoeebl" => pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\aswbdisk" => pomyślnie usunięto aswbdisk => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Services\VGPU" => pomyślnie usunięto VGPU => serwis pomyślnie usunięto C:\Users\Czechu\AppData\Roaming\kUIDi.exe => pomyślnie przeniesiono C:\Users\Czechu\AppData\Roaming\wYOrcuvaCi.exe => pomyślnie przeniesiono C:\Users\Czechu\AppData\Local\IUVHXR.exe => pomyślnie przeniesiono "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => pomyślnie 
usunięto HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => nie znaleziono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A6D6BB0-E7A7-4B47-B1B8-98223ED4F8F1}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A6D6BB0-E7A7-4B47-B1B8-98223ED4F8F1}" => pomyślnie usunięto C:\Windows\System32\Tasks\{6F52DC6F-0B79-407B-AEC5-F772A0167450} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6F52DC6F-0B79-407B-AEC5-F772A0167450}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC325AA8-16E4-4C1B-9C15-CBB627A18925}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC325AA8-16E4-4C1B-9C15-CBB627A18925}" => pomyślnie usunięto C:\Windows\System32\Tasks\{699A13EA-880E-4A62-96B8-07FB00350EC8} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{699A13EA-880E-4A62-96B8-07FB00350EC8}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCF8B1FC-75AF-4C00-95F1-5D97830F72DE}" => pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCF8B1FC-75AF-4C00-95F1-5D97830F72DE}" => pomyślnie usunięto C:\Windows\System32\Tasks\{059748B7-8D11-4CD7-A79C-9FFBD77F39AC} => pomyślnie przeniesiono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{059748B7-8D11-4CD7-A79C-9FFBD77F39AC}" => pomyślnie usunięto C:\Users\Public\AppData => ":CSM" ADS pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F151B55E-E05F-4747-AADF-854BF6BA99A9}" => pomyślnie usunięto "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7CB47AAF-9259-4A46-85F8-6F697D0607F5}" => pomyślnie usunięto ========= dir /a 
"C:\Users\Czechu\AppData\Roaming" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 0862-A557 Katalog: C:\Users\Czechu\AppData\Roaming 2018-06-25 23:01 . 2018-06-25 23:01 .. 2018-03-23 13:15 Adobe 2018-05-03 21:52 Bitdefender 2018-06-07 10:36 DAEMON Tools Lite 2018-05-22 16:03 discord 2018-05-03 20:53 EasyAntiCheat 2018-06-20 19:45 HP 2018-02-26 21:47 Identities 2018-02-28 12:33 Macromedia 2011-04-12 15:32 Media Center Programs 2018-06-25 20:52 Microsoft 2018-04-16 10:11 Moje pliki Bitwy o Śródziemiet II 2018-02-26 22:28 Mozilla 2018-06-23 11:31 NVIDIA 2018-03-05 10:37 OpenOffice 2018-03-19 13:19 Opera Software 2018-06-20 14:41 Origin 2018-06-07 10:34 PowerISO 2018-06-23 11:31 Publish Providers 2018-05-03 21:50 QuickScan 2018-03-19 13:31 Skype 2018-06-23 12:03 Sony 2018-06-25 15:32 TS3Client 2018-06-25 15:32 uTorrent 2018-06-19 17:29 vlc 2018-03-15 13:46 WinRAR 2018-06-25 14:49 Wise Euask 2018-06-25 14:50 Wise Registry Cleaner 0 plik(ów) 0 bajtów 29 katalog(ów) 52 261 179 392 bajtów wolnych ========= Koniec CMD: ========= ========= dir /a "C:\Users\Czechu\AppData\Local" ========= Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: 0862-A557 Katalog: C:\Users\Czechu\AppData\Local 2018-06-25 23:01 . 2018-06-25 23:01 .. 
2018-04-21 18:04 Adobe 2018-02-26 23:25 CEF 2018-06-25 15:32 CrashDumps 2018-02-26 21:47 Dane aplikacji [C:\Users\Czechu\AppData\Local] 2018-06-23 11:01 4 608 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2018-04-04 10:28 Diagnostics 2018-05-22 16:03 Discord 2018-06-07 10:36 Disc_Soft_Ltd 2018-03-20 09:50 EpicGamesLauncher 2018-03-31 12:15 fontconfig 2018-03-20 10:53 FortniteGame 2018-06-08 10:41 119 192 GDIPFONTCACHEV1.DAT 2018-03-31 12:15 gegl-0.2 2018-03-09 17:36 Google 2018-06-13 11:28 gtk-2.0 2018-02-26 23:31 HirezLauncherUI 2018-02-26 21:47 Historia [C:\Users\Czechu\AppData\Local\Microsoft\Windows\History] 2018-06-20 19:45 HP 2018-06-25 23:00 942 724 IconCache.db 2018-06-13 10:59 Microsoft 2018-06-08 08:27 Microsoft Help 2018-02-26 22:38 Mozilla 2018-06-23 11:42 NVIDIA 2018-04-05 09:42 NVIDIA Corporation 2018-03-19 13:19 Opera Software 2018-05-04 11:43 Origin 2018-03-02 17:04 Programs 2018-06-13 11:28 13 048 recently-used.xbel 2018-03-11 15:19 SCE 2018-06-23 11:30 Sony 2018-06-24 16:32 Sports Interactive 2018-02-26 23:44 SquirrelTemp 2018-02-26 23:32 Steam 2018-06-25 23:01 Temp 2018-02-26 21:47 Temporary Internet Files [C:\Users\Czechu\AppData\Local\Microsoft\Windows\Temporary Internet Files] 2018-03-20 10:53 UnrealEngine 2018-03-20 09:50 UnrealEngineLauncher 2018-02-26 22:42 VirtualStore 2018-06-24 14:09 2 WMI.ini 2018-06-11 10:13 WMTools Downloaded Files 5 plik(ów) 1 079 574 bajtów 37 katalog(ów) 52 261 179 392 bajtów wolnych ========= Koniec CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13639648 B Java, Flash, Steam htmlcache => 74579984 B Windows/system/drivers => 1008778 B Edge => 0 B Chrome => 0 B Firefox => 381677287 B Opera => 0 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 101090 B systemprofile32 => 66228 B LocalService => 115483 B NetworkService => 0 B Czechu => 1224613900 B 
RecycleBin => 0 B EmptyTemp: => 1.6 GB danych tymczasowych Usunięto. ================================ System wymagał restartu. ==== Koniec Fixlog 23:01:25 ====