Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 29-06-2021
Uruchomiony przez dawid (01-07-2021 19:18:40) Run:1
Uruchomiony z C:\Users\dawid\Downloads\Programs
Załadowane profile: dawid & postgres
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
File: C:\Program Files\KMSpico\Service_KMS.exe
HKU\S-1-5-21-2189424308-2120336341-826723754-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] True
HKU\S-1-5-21-2189424308-2120336341-826723754-1001\...\MountPoints2: {100e2404-bc74-11eb-9e6b-001a7dda7113} - "E:\LGAutoRun.exe"
HKU\S-1-5-21-2189424308-2120336341-826723754-1001\...\MountPoints2: {b429d623-9db1-11ea-9b09-04d9f5d5749d} - "E:\iStudio.exe"
HKU\S-1-5-21-2189424308-2120336341-826723754-1001\...\MountPoints2: {b7d56483-c15c-11eb-9e73-001a7dda7113} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2189424308-2120336341-826723754-1001\...\MountPoints2: {bd32edcd-ab34-11eb-9e30-001a7dda7113} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2189424308-2120336341-826723754-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] True
GroupPolicy: Ograniczenia ? <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Task: {53620F93-8E55-4AA0-B586-87E287F0F5D2} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [Brak podpisu cyfrowego]
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Tcpip\..\Interfaces\{9bae79a6-d25d-431c-bba8-7fc7f3d10b6b}: [DhcpNameServer] 192.168.5.1
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [Brak podpisu cyfrowego]
2021-05-23 14:09 - 2021-07-01 12:51 - 000002548 _____ C:\WINDOWS\system32\Tasks\AutoPico Daily Restart
2020-04-20 15:52 - 2020-04-20 15:52 - 000003584 _____ C:\WINDOWS\SECOH-QAD.dll
2020-04-20 15:52 - 2020-04-20 15:52 - 000004608 _____ C:\WINDOWS\SECOH-QAD.exe
C:\Program Files\KMSpicoContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => -> Brak pliku
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => -> Brak pliku
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mhqnqunq.sys:changelist [2286]
AlternateDataStreams: C:\ProgramData\TEMP:BC359956 [109]
HKU\S-1-5-21-2189424308-2120336341-826723754-1001\Software\Classes\regfile: regedit.exe "%1" <==== UWAGA
BHO: IVONA Reader -> {8664889D-ED18-4713-918F-E2BB69D8452B} -> C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll [2013-05-31] (IVONA Software Sp. z o.o. -> IVONA Software Sp. z o.o.)
BHO-x32: IVONA Reader -> {8664889D-ED18-4713-918F-E2BB69D8452B} -> C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll [2013-05-31] (IVONA Software Sp. z o.o. -> IVONA Software Sp. z o.o.)
Toolbar: HKLM - IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll [2013-05-31] (IVONA Software Sp. z o.o. -> IVONA Software Sp. z o.o.)
Toolbar: HKLM-x32 - IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll [2013-05-31] (IVONA Software Sp. z o.o. -> IVONA Software Sp. z o.o.)
HKLM\...\StartupApproved\StartupFolder: => "ViPER4Windows.lnk"
C:\Program Files\KMSpico
RemoveProxy:
Hosts:
*****************

Punkt przywracania został pomyślnie utworzony.
Procesy zostały pomyślnie zamknięte.

========================= File: C:\Program Files\KMSpico\Service_KMS.exe ========================

C:\Program Files\KMSpico\Service_KMS.exe
Brak podpisu cyfrowego
MD5: 8D0C31D282CC9194791EA850041C6C45
Data utworzenia i modyfikacji: 2020-04-20 15:52 - 2016-01-12 00:33
Rozmiar: 000745664
Atrybuty: ----A
Firma: @ByELDI -> @ByELDI
Wewnętrzna nazwa: Service_KMS.exe
Oryginalna nazwa: Service_KMS.exe
Produkt: Service_KMS
Opis: Service_KMS
Plik Wersja: 17.1.0.0
Produkt Wersja: 17.1.0.0
Prawa autorskie:
VirusTotal: https://www.virustotal.com/gui/file/2b533757086499e224d5717f94a0f4c33e705398a7610219d82b9d3bc8763378/detection/f-2b533757086499e224d5717f94a0f4c33e705398a7610219d82b9d3bc8763378-1624911903

====== Koniec File: ======

"HKU\S-1-5-21-2189424308-2120336341-826723754-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks" => pomyślnie usunięto
HKU\S-1-5-21-2189424308-2120336341-826723754-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{100e2404-bc74-11eb-9e6b-001a7dda7113} => pomyślnie usunięto
HKU\S-1-5-21-2189424308-2120336341-826723754-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b429d623-9db1-11ea-9b09-04d9f5d5749d} => pomyślnie usunięto
HKU\S-1-5-21-2189424308-2120336341-826723754-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7d56483-c15c-11eb-9e73-001a7dda7113} => pomyślnie usunięto
HKU\S-1-5-21-2189424308-2120336341-826723754-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd32edcd-ab34-11eb-9e30-001a7dda7113} => pomyślnie usunięto
"HKU\S-1-5-21-2189424308-2120336341-826723754-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks" => pomyślnie usunięto
C:\WINDOWS\system32\GroupPolicy\Machine => pomyślnie przeniesiono
C:\WINDOWS\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => pomyślnie przeniesiono
C:\ProgramData\NTUSER.pol => pomyślnie przeniesiono
HKLM\SOFTWARE\Policies\Mozilla => pomyślnie usunięto
HKLM\SOFTWARE\Policies\Google => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53620F93-8E55-4AA0-B586-87E287F0F5D2}" => pomyślnie usunięto
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53620F93-8E55-4AA0-B586-87E287F0F5D2}" => pomyślnie usunięto
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => pomyślnie przeniesiono
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => pomyślnie usunięto
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => pomyślnie przeniesiono
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9bae79a6-d25d-431c-bba8-7fc7f3d10b6b}\\DhcpNameServer" => pomyślnie usunięto
HKLM\System\CurrentControlSet\Services\Service KMSELDI => pomyślnie usunięto
Service KMSELDI => serwis pomyślnie usunięto
"C:\WINDOWS\system32\Tasks\AutoPico Daily Restart" => nie znaleziono
C:\WINDOWS\SECOH-QAD.dll => pomyślnie przeniesiono
C:\WINDOWS\SECOH-QAD.exe => pomyślnie przeniesiono
"C:\Program Files\KMSpicoContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku" => nie znaleziono
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\FormatFactoryShell => pomyślnie usunięto
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => pomyślnie usunięto
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\FormatFactoryShell => pomyślnie usunięto
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => pomyślnie usunięto
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => pomyślnie usunięto
C:\WINDOWS\system32\Drivers\mhqnqunq.sys => ":changelist" ADS pomyślnie usunięto
C:\ProgramData\TEMP => ":BC359956" ADS pomyślnie usunięto
HKU\S-1-5-21-2189424308-2120336341-826723754-1001\Software\Classes\regfile => pomyślnie usunięto
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8664889D-ED18-4713-918F-E2BB69D8452B} => pomyślnie usunięto
HKLM\Software\Classes\CLSID\{8664889D-ED18-4713-918F-E2BB69D8452B} => pomyślnie usunięto
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8664889D-ED18-4713-918F-E2BB69D8452B} => pomyślnie usunięto
HKLM\Software\Wow6432Node\Classes\CLSID\{8664889D-ED18-4713-918F-E2BB69D8452B} => pomyślnie usunięto
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8664889D-ED18-4713-918F-E2BB69D8452B}" => pomyślnie usunięto
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8664889D-ED18-4713-918F-E2BB69D8452B}" => pomyślnie usunięto
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ViPER4Windows.lnk" => nie znaleziono
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\ViPER4Windows.lnk" => pomyślnie usunięto
C:\Program Files\KMSpico => pomyślnie przeniesiono

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto
"HKU\S-1-5-21-2189424308-2120336341-826723754-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
"HKU\S-1-5-21-2189424308-2120336341-826723754-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto
"HKU\S-1-5-21-2189424308-2120336341-826723754-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => pomyślnie usunięto
"HKU\S-1-5-21-2189424308-2120336341-826723754-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => pomyślnie usunięto

========= Koniec RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono
Hosts pomyślnie przywrócono.

=========== EmptyTemp: ==========

BITS transfer queue => 6316032 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 208578197 B
Java, Flash, Steam htmlcache => 510 B
Windows/system/drivers => 2476319 B
Edge => 0 B
Chrome => 495039666 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 7600 B
LocalService => 40214 B
NetworkService => 40214 B
dawid => 209321563 B
postgres => 209321563 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB danych tymczasowych Usunięto.

================================

System wymagał restartu.

==== Koniec Fixlog 19:19:07 ====