API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 7th, 2018
185
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.53 KB | None | 0 0
raw download clone embed print report
  1. Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 02.08.2018
  2. Uruchomiony przez Piotr (06-08-2018 20:47:48) Run:1
  3. Uruchomiony z C:\Users\Piotr\Downloads
  4. Załadowane profile: Piotr (Dostępne profile: Piotr)
  5. Tryb startu: Normal
  6. ==============================================
  7.  
  8. fixlist - zawartość:
  9. *****************
  10. CloseProcesses:
  11. CreateRestorePoint:
  12. HKLM-x32\...\Run: [] => [X]
  13. HKLM\...\Policies\Explorer: [DontSetAutoplayCheckbox] 1
  14. HKLM\...\Policies\Explorer: [NoAutorun] 1
  15. HKU\S-1-5-21-2017556882-1012067169-1282704492-1001\...\Policies\Explorer: []
  16. HKU\S-1-5-21-2017556882-1012067169-1282704492-1001\...\Policies\Explorer: [DontSetAutoplayCheckbox] 1
  17. HKU\S-1-5-21-2017556882-1012067169-1282704492-1001\...\Policies\Explorer: [NoAutorun] 1
  18. HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA
  19. HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  20. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
  21. HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
  22. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
  23. HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
  24. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
  25. FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
  26. FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
  27. R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-07-23] (Malwarebytes)
  28. R3 ALSysIO; \??\e:\TEMP\ALSysIO64.sys [X]
  29. S3 GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [X]
  30. S3 GPU-Z; \??\z:\TEMP\GPU-Z.sys [X]
  31. C:\ProgramData\agent.uninstall.1533067724.bdinstall.bin
  32. C:\ProgramData\cl.uninstall.1530631931.bdinstall.bin
  33. C:\ProgramData\dm.uninstall.1530631933.bdinstall.bin
  34. C:\Windows\system32\Drivers\EpfwLWF.sys
  35. C:\ProgramData\Bitdefender
  36. C:\Users\Piotr\Documents\temp
  37. C:\TEMP
  38. MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Piotr\AppData\Local\Akamai\netsession_win.exe"
  39. Task: {09D6A2EC-C4B8-44A3-8389-49D39184ABED} - System32\Tasks\{B3ACD063-E411-4A5B-8F4E-15E5922388D0} => C:\Windows\system32\pcalua.exe -a E:\Downloads\ELSA\VW\9.Base_01.2017\setup.exe -d E:\Downloads\ELSA\VW\9.Base_01.2017
  40. Task: {1E7106F9-80F7-4C14-B556-2194975F6C6D} - System32\Tasks\GIGABYTE OC GURU => C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe
  41. Task: {53190DA1-7E03-464E-94A6-5F15944B682F} - System32\Tasks\{4CB2EDC5-AAA2-46E4-9A1E-DBBABA28686B} => C:\Windows\system32\pcalua.exe -a H:\SDSwitch.exe -d H:\
  42. Task: {A6C088F1-B72A-4FBE-9F3D-83B28D296A3F} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
  43. Task: {C37FD751-49E7-45FF-B1FB-02AB277E5778} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
  44. Task: {C5915FCD-89E3-49D2-A3C5-B29A88402C3F} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
  45. Task: {F0A5B030-D7B5-4083-85C4-78C3E9B1D510} - System32\Tasks\NoAutorun => C:\Users\Piotr\AppData\Local\Temp\Rar$EXa5680.40634\NoAutorun.exe <==== UWAGA
  46. VirusTotal: C:\Windows\System32\Drivers\CH341S64.SYS
  47. Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
  48. EmptyTemp:
  49. *****************
  50.  
  51. Procesy zostały pomyślnie zamknięte.
  52. Punkt przywracania został pomyślnie utworzony.
  53. "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => pomyślnie usunięto
  54. "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DontSetAutoplayCheckbox" => pomyślnie usunięto
  55. "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoAutorun" => pomyślnie usunięto
  56. "HKU\S-1-5-21-2017556882-1012067169-1282704492-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => pomyślnie usunięto
  57. "HKU\S-1-5-21-2017556882-1012067169-1282704492-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DontSetAutoplayCheckbox" => pomyślnie usunięto
  58. "HKU\S-1-5-21-2017556882-1012067169-1282704492-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoAutorun" => pomyślnie usunięto
  59. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => pomyślnie usunięto
  60. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
  61. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono
  62. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
  63. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono
  64. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
  65. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono
  66. "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => pomyślnie usunięto
  67. "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => pomyślnie usunięto
  68. ESProtectionDriver => Usługa pomyślnie zatrzymana.
  69. "HKLM\System\CurrentControlSet\Services\ESProtectionDriver" => pomyślnie usunięto
  70. ESProtectionDriver => serwis pomyślnie usunięto
  71. ALSysIO => Usługa pomyślnie zatrzymana.
  72. "HKLM\System\CurrentControlSet\Services\ALSysIO" => pomyślnie usunięto
  73. ALSysIO => serwis pomyślnie usunięto
  74. "HKLM\System\CurrentControlSet\Services\GPCIDrv" => pomyślnie usunięto
  75. GPCIDrv => serwis pomyślnie usunięto
  76. "HKLM\System\CurrentControlSet\Services\GPU-Z" => pomyślnie usunięto
  77. GPU-Z => serwis pomyślnie usunięto
  78. C:\ProgramData\agent.uninstall.1533067724.bdinstall.bin => pomyślnie przeniesiono
  79. C:\ProgramData\cl.uninstall.1530631931.bdinstall.bin => pomyślnie przeniesiono
  80. C:\ProgramData\dm.uninstall.1530631933.bdinstall.bin => pomyślnie przeniesiono
  81. C:\Windows\system32\Drivers\EpfwLWF.sys => pomyślnie przeniesiono
  82. C:\ProgramData\Bitdefender => pomyślnie przeniesiono
  83. C:\Users\Piotr\Documents\temp => pomyślnie przeniesiono
  84. C:\TEMP => pomyślnie przeniesiono
  85. "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface" => pomyślnie usunięto
  86. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09D6A2EC-C4B8-44A3-8389-49D39184ABED}" => pomyślnie usunięto
  87. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09D6A2EC-C4B8-44A3-8389-49D39184ABED}" => pomyślnie usunięto
  88. C:\Windows\System32\Tasks\{B3ACD063-E411-4A5B-8F4E-15E5922388D0} => pomyślnie przeniesiono
  89. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B3ACD063-E411-4A5B-8F4E-15E5922388D0}" => pomyślnie usunięto
  90. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1E7106F9-80F7-4C14-B556-2194975F6C6D}" => pomyślnie usunięto
  91. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E7106F9-80F7-4C14-B556-2194975F6C6D}" => pomyślnie usunięto
  92. C:\Windows\System32\Tasks\GIGABYTE OC GURU => pomyślnie przeniesiono
  93. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GIGABYTE OC GURU" => pomyślnie usunięto
  94. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53190DA1-7E03-464E-94A6-5F15944B682F}" => pomyślnie usunięto
  95. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53190DA1-7E03-464E-94A6-5F15944B682F}" => pomyślnie usunięto
  96. C:\Windows\System32\Tasks\{4CB2EDC5-AAA2-46E4-9A1E-DBBABA28686B} => pomyślnie przeniesiono
  97. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4CB2EDC5-AAA2-46E4-9A1E-DBBABA28686B}" => pomyślnie usunięto
  98. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6C088F1-B72A-4FBE-9F3D-83B28D296A3F}" => pomyślnie usunięto
  99. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6C088F1-B72A-4FBE-9F3D-83B28D296A3F}" => pomyślnie usunięto
  100. C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily => pomyślnie przeniesiono
  101. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GyazoUpdateTaskMachineDaily" => pomyślnie usunięto
  102. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C37FD751-49E7-45FF-B1FB-02AB277E5778}" => pomyślnie usunięto
  103. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C37FD751-49E7-45FF-B1FB-02AB277E5778}" => pomyślnie usunięto
  104. C:\Windows\System32\Tasks\Adobe Acrobat Update Task => pomyślnie przeniesiono
  105. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => pomyślnie usunięto
  106. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5915FCD-89E3-49D2-A3C5-B29A88402C3F}" => pomyślnie usunięto
  107. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5915FCD-89E3-49D2-A3C5-B29A88402C3F}" => pomyślnie usunięto
  108. C:\Windows\System32\Tasks\GyazoUpdateTaskMachine => pomyślnie przeniesiono
  109. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GyazoUpdateTaskMachine" => pomyślnie usunięto
  110. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F0A5B030-D7B5-4083-85C4-78C3E9B1D510}" => pomyślnie usunięto
  111. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0A5B030-D7B5-4083-85C4-78C3E9B1D510}" => pomyślnie usunięto
  112. C:\Windows\System32\Tasks\NoAutorun => pomyślnie przeniesiono
  113. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NoAutorun" => pomyślnie usunięto
  114. VirusTotal: C:\Windows\System32\Drivers\CH341S64.SYS => https://www.virustotal.com/file/1a48a57d7ff5332ad380af7884f516548db535cfe23f3ae7d5af291307cbc435/analysis/1532270582/
  115.  
  116. ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========
  117.  
  118.  
  119. ========= Koniec Powershell: =========
  120.  
  121.  
  122. =========== EmptyTemp: ==========
  123.  
  124. BITS transfer queue => 8388608 B
  125. DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 43123025 B
  126. Java, Flash, Steam htmlcache => 180840034 B
  127. Windows/system/drivers => 0 B
  128. Edge => 0 B
  129. Chrome => 496914641 B
  130. Firefox => 18138615 B
  131. Opera => 460226238 B
  132.  
  133. Temp, IE cache, history, cookies, recent:
  134. Users => 0 B
  135. Default => 0 B
  136. Public => 0 B
  137. ProgramData => 0 B
  138. systemprofile => 58574901 B
  139. systemprofile32 => 71318 B
  140. LocalService => 66228 B
  141. NetworkService => 0 B
  142. Piotr => 7048615 B
  143.  
  144. RecycleBin => 155742360 B
  145. EmptyTemp: => 1.3 GB danych tymczasowych Usunięto.
  146.  
  147. ================================
  148.  
  149.  
  150. System wymagał restartu.
  151.  
  152. ==== Koniec Fixlog 20:48:17 ====
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!