WinUtilities Professional Edition 15.21 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043009}_is1) (Version: 15.21 - YL Computing, Inc)
You have this program installed, so in my opinion the MBAM detections are a "false positive".
Only cosmetic cleanup:
Run FRST.
Copy the text below (but do not paste it anywhere!) - FRST will find the "fixlist" in the system clipboard by itself.
Code:
START::
CreateRestorePoint:
HKLM-x32\...\Run: [IR_SERVER] => C:\PROGRA~2\Astrometa\Astrometa DVB-T2\IR_SERVER.exe (Brak pliku)
HKU\S-1-5-21-2363239943-2186625349-2468589909-1001\...\Run: [GalaxyClient] => [X]
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Edge: Ograniczenia <==== UWAGA
Task: {845437BB-F254-4F0B-99FB-9FA95C717D40} - System32\Tasks\Opera scheduled Autoupdate 1494448566 => D:\Program Files\do internetu\przeglądarki\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Brak pliku)
AlternateDataStreams: C:\ProgramData\TEMP:0BBF232A [219]
AlternateDataStreams: C:\ProgramData\TEMP:178CF592 [236]
AlternateDataStreams: C:\ProgramData\TEMP:1ED915E2 [145]
AlternateDataStreams: C:\ProgramData\TEMP:206470A5 [0]
AlternateDataStreams: C:\ProgramData\TEMP:2B4ED5C9 [214]
AlternateDataStreams: C:\ProgramData\TEMP:39413AC3 [173]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]
AlternateDataStreams: C:\ProgramData\TEMP:5ECC9F68 [242]
AlternateDataStreams: C:\ProgramData\TEMP:65E03B93 [230]
AlternateDataStreams: C:\ProgramData\TEMP:737160C1 [0]
AlternateDataStreams: C:\ProgramData\TEMP:9F3C1A6B [241]
AlternateDataStreams: C:\ProgramData\TEMP:A0045A4E [456]
AlternateDataStreams: C:\ProgramData\TEMP:B0840425 [172]
AlternateDataStreams: C:\ProgramData\TEMP:D308F81C [240]
AlternateDataStreams: C:\ProgramData\TEMP:D31D1159 [194]
AlternateDataStreams: C:\ProgramData\TEMP:DFB59A96 [107]
AlternateDataStreams: C:\ProgramData\TEMP:F68098AE [214]
AlternateDataStreams: C:\Users\Joanna\AppData\Local\desktop.ini:07a19238af92db80fe9045ca73c7a84e [802]
EmptyEventLogs:
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
END::
In FRST, click Fix (NAPRAW).