Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 12.05.2018Uruchomiony

1. Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 12.05.2018
2. Uruchomiony przez void (16-05-2018 19:35:10) Run:2
3. Uruchomiony z C:\Users\shitter\Desktop
4. Załadowane profile: void (Dostępne profile: void & Administrator)
5. Tryb startu: Normal
6. ==============================================
7.  
8. fixlist - zawartość:
9. *****************
10. CloseProcesses:
11. CreateRestorePoint:
12. EmptyTemp:
13. VirusTotal: C:\ProgramData\msbftbgnm.exe
14. HKLM-x32\...\RunOnce: [] => [X]
15. HKU\S-1-5-21-3145501433-2751271693-2052433869-1001\...\Policies\Explorer: []
16. HKU\S-1-5-21-3145501433-2751271693-2052433869-1001\...\MountPoints2: {478ab8c4-e05d-11e7-be88-b8763f9fdb8e} - "G:\Setup.exe"
17. HKU\S-1-5-21-3145501433-2751271693-2052433869-1001\...\MountPoints2: {487e5227-cef4-11e6-be8c-b8763f9fdb8e} - "F:\autorun.exe"
18. HKU\S-1-5-21-3145501433-2751271693-2052433869-1001\...\MountPoints2: {c853757c-0361-11e8-be88-b8763f9fdb8e} - "H:\autorun.exe"
19. HKU\S-1-5-21-3145501433-2751271693-2052433869-1001\...\MountPoints2: {c8537587-0361-11e8-be88-b8763f9fdb8e} - "H:\autorun.exe"
20. Tcpip\..\Interfaces\{3B79996C-3219-4CC1-8163-8D6C46D62BC6}: [DhcpNameServer] 192.168.1.1
21. Tcpip\..\Interfaces\{76E471E9-3FCC-4313-81F1-B79177EA5F48}: [DhcpNameServer] 212.87.0.72 193.0.71.130
22. HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
23. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
24. HKU\S-1-5-21-3145501433-2751271693-2052433869-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
25. HKU\S-1-5-21-3145501433-2751271693-2052433869-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
26. Toolbar: HKU\S-1-5-21-3145501433-2751271693-2052433869-1001 -> Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Brak pliku
27. ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => -> Brak pliku
28. Task: {3439DF23-41E5-4315-9359-3E617B4FCCF9} - System32\Tasks\{F2C41152-7938-4D07-A213-B8D3B6664DB4} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\setup.exe" -c /z-uninstall
29. Startup: C:\Users\shitter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk [2017-11-09]
30. ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
31. Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
32.  
33. *****************
34.  
35. Procesy zostały pomyślnie zamknięte.
36. Punkt przywracania został pomyślnie utworzony.
37. VirusTotal: C:\ProgramData\msbftbgnm.exe => D41D8CD98F00B204E9800998ECF8427E (0-byte MD5)
38. "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\" => pomyślnie usunięto
39. "HKU\S-1-5-21-3145501433-2751271693-2052433869-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => pomyślnie usunięto
40. "HKU\S-1-5-21-3145501433-2751271693-2052433869-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{478ab8c4-e05d-11e7-be88-b8763f9fdb8e}" => pomyślnie usunięto
41. HKLM\Software\Classes\CLSID\{478ab8c4-e05d-11e7-be88-b8763f9fdb8e} => nie znaleziono
42. "HKU\S-1-5-21-3145501433-2751271693-2052433869-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{487e5227-cef4-11e6-be8c-b8763f9fdb8e}" => pomyślnie usunięto
43. HKLM\Software\Classes\CLSID\{487e5227-cef4-11e6-be8c-b8763f9fdb8e} => nie znaleziono
44. "HKU\S-1-5-21-3145501433-2751271693-2052433869-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c853757c-0361-11e8-be88-b8763f9fdb8e}" => pomyślnie usunięto
45. HKLM\Software\Classes\CLSID\{c853757c-0361-11e8-be88-b8763f9fdb8e} => nie znaleziono
46. "HKU\S-1-5-21-3145501433-2751271693-2052433869-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8537587-0361-11e8-be88-b8763f9fdb8e}" => pomyślnie usunięto
47. HKLM\Software\Classes\CLSID\{c8537587-0361-11e8-be88-b8763f9fdb8e} => nie znaleziono
48. "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3B79996C-3219-4CC1-8163-8D6C46D62BC6}\\DhcpNameServer" => pomyślnie usunięto
49. "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{76E471E9-3FCC-4313-81F1-B79177EA5F48}\\DhcpNameServer" => pomyślnie usunięto
50. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
51. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
52. HKU\S-1-5-21-3145501433-2751271693-2052433869-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
53. HKU\S-1-5-21-3145501433-2751271693-2052433869-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
54. "HKU\S-1-5-21-3145501433-2751271693-2052433869-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => pomyślnie usunięto
55. HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => nie znaleziono
56. "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\PDFCreator.ShellContextMenu" => pomyślnie usunięto
57. HKLM\Software\Classes\CLSID\{d9cea52e-100d-4159-89ea-76e845bc13e1} => nie znaleziono
58. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3439DF23-41E5-4315-9359-3E617B4FCCF9}" => pomyślnie usunięto
59. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3439DF23-41E5-4315-9359-3E617B4FCCF9}" => pomyślnie usunięto
60. C:\Windows\System32\Tasks\{F2C41152-7938-4D07-A213-B8D3B6664DB4} => pomyślnie przeniesiono
61. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F2C41152-7938-4D07-A213-B8D3B6664DB4}" => pomyślnie usunięto
62. C:\Users\shitter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk => pomyślnie przeniesiono
63. C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE => pomyślnie przeniesiono
64.  
65. ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========
66.  
67.  
68. ========= Koniec Powershell: =========
69.  
70.  
71. =========== EmptyTemp: ==========
72.  
73. BITS transfer queue => 8388608 B
74. DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9686590 B
75. Java, Flash, Steam htmlcache => 0 B
76. Windows/system/drivers => 1878129 B
77. Edge => 0 B
78. Chrome => 0 B
79. Firefox => 15799402 B
80. Opera => 395784626 B
81.  
82. Temp, IE cache, history, cookies, recent:
83. Default => 0 B
84. Users => 0 B
85. ProgramData => 0 B
86. Public => 0 B
87. systemprofile => 0 B
88. systemprofile32 => 128 B
89. LocalService => 1386 B
90. NetworkService => 0 B
91. shitter => 7608831 B
92. Administrator => 0 B
93.  
94. RecycleBin => 544 B
95. EmptyTemp: => 418.8 MB danych tymczasowych Usunięto.
96.  
97. ================================
98.  
99.  
100. System wymagał restartu.
101.  
102. ==== Koniec Fixlog 19:37:23 ====