Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 07-05-2017 Uruchomiony przez KubaDamaszk (07-05-2017 15:45:47) Run:8 Uruchomiony z C:\Users\KubaDamaszk\Documents\programy adware Załadowane profile: KubaDamaszk (Dostępne profile: KubaDamaszk & Administrator & Gość) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: HKU\S-1-5-21-499711634-606110142-1186871544-1001\...\ChromeHTML: -> "C:\Program Files (x86)\Eastness\Application\chrome.exe" "%1" <==== UWAGA RemoveDirectory: C:\Program Files (x86)\Eastness RemoveDirectory: C:\Users\KubaDamaszk\AppData\Local\Eastness Task: {2A344C53-DD60-40AD-A0AD-AFA562D9591D} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-02-06] () <==== UWAGA Task: {7171A626-12B5-4F28-BF83-B82026429F86} - System32\Tasks\Windows-PG => powershell.exe C:\windows\psgo\psgo.ps1 Task: {71A357B2-5547-477F-AD72-150222197674} - \SteamClient -> Brak pliku <==== UWAGA RemoveDirectory: C:\Program Files (x86)\MIO ShortcutWithArgument: C:\Users\KubaDamaszk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493101209&z=f906ed2ef894f2ac480ec08gfz3tbc6g3e6gfo9o7t&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT HKU\S-1-5-21-499711634-606110142-1186871544-1001\...\Run: [background_fault] => C:\Users\KubaDamaszk\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-04] (AVAST Software) <===== UWAGA HKU\S-1-5-21-499711634-606110142-1186871544-1001\...\Policies\Explorer\Run: [Clients] => C:\Users\KubaDamaszk\AppData\Roaming\Microsoft\svbietti\wvrcgeii.exe HKU\S-1-5-21-499711634-606110142-1186871544-1001\...\Run: [rmwmrrqm] => C:\Users\KubaDamaszk\AppData\Roaming\gvuyqy\ymmrzit.exe [427008 2017-01-20] (hEX-rays sA) C:\Users\KubaDamaszk\AppData\Roaming\Microsoft\svbietti 
C:\Users\KubaDamaszk\AppData\Roaming\gvuyqy ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493101209&z=f906ed2ef894f2ac480ec08gfz3tbc6g3e6gfo9o7t&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493101209&z=f906ed2ef894f2ac480ec08gfz3tbc6g3e6gfo9o7t&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493101209&z=f906ed2ef894f2ac480ec08gfz3tbc6g3e6gfo9o7t&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493101209&z=f906ed2ef894f2ac480ec08gfz3tbc6g3e6gfo9o7t&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493101209&z=f906ed2ef894f2ac480ec08gfz3tbc6g3e6gfo9o7t&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493101209&z=f906ed2ef894f2ac480ec08gfz3tbc6g3e6gfo9o7t&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493101209&z=f906ed2ef894f2ac480ec08gfz3tbc6g3e6gfo9o7t&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://www.ourluckysites.com/search/?type=ds&ts=1493101209&z=f906ed2ef894f2ac480ec08gfz3tbc6g3e6gfo9o7t&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT&q={searchTerms} HKU\S-1-5-21-499711634-606110142-1186871544-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493101209&z=f906ed2ef894f2ac480ec08gfz3tbc6g3e6gfo9o7t&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT HKU\S-1-5-21-499711634-606110142-1186871544-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493101209&z=f906ed2ef894f2ac480ec08gfz3tbc6g3e6gfo9o7t&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493101209&z=f906ed2ef894f2ac480ec08gfz3tbc6g3e6gfo9o7t&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493101209&z=f906ed2ef894f2ac480ec08gfz3tbc6g3e6gfo9o7t&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493101209&z=f906ed2ef894f2ac480ec08gfz3tbc6g3e6gfo9o7t&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493101209&z=f906ed2ef894f2ac480ec08gfz3tbc6g3e6gfo9o7t&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT&q={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-499711634-606110142-1186871544-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://www.ourluckysites.com/search/?type=ds&ts=1493101209&z=f906ed2ef894f2ac480ec08gfz3tbc6g3e6gfo9o7t&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT&q={searchTerms} SearchScopes: HKU\S-1-5-21-499711634-606110142-1186871544-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493101209&z=f906ed2ef894f2ac480ec08gfz3tbc6g3e6gfo9o7t&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe hxxp://www.ourluckysites.com/?type=sc&ts=1493978750&z=0b48d84dc5d8f85af5fe25egaz0t0cetdmeb0m7w2z&from=che0812&uid=TOSHIBAXMQ01ABF050_Z3LTC8BPTXXZ3LTC8BPT HKU\S-1-5-21-499711634-606110142-1186871544-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Eastness\Application\chrome.exe <==== UWAGA S2 3DM; C:\Users\KubaDamaszk\AppData\Local\3DM\Kitty.dll [754688 2017-04-19] (kitty.exe) [Brak podpisu cyfrowego] R2 AppleAzureSrv; C:\ProgramData\Software\Apple\Apps\Notification.dll [106496 2017-04-17] () [Brak podpisu cyfrowego] R2 AppleNotificationsSrv; C:\ProgramData\Software\Apple\Apps\Notification.dll [106496 2017-04-17] () [Brak podpisu cyfrowego] S2 BIT; C:\ProgramData\BIT\BIT.dll [1857536 2017-05-04] (windows) [Brak podpisu cyfrowego] R2 clean; C:\Users\KubaDamaszk\AppData\Local\clean\Kyubey.exe [114688 2017-04-06] () [Brak podpisu cyfrowego] R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [102400 2017-04-28] () [Brak podpisu cyfrowego] <==== UWAGA R2 Kitty; C:\Users\KubaDamaszk\AppData\Local\Kitty\Kitty.dll [124928 2017-05-04] (kitty) [Brak podpisu cyfrowego] <==== UWAGA R2 Kyubey; C:\Users\KubaDamaszk\AppData\Roaming\Kyubey\Kyubey.exe [236032 2017-04-01] () [Brak podpisu cyfrowego] R2 SNARER; C:\Users\KubaDamaszk\AppData\Local\SNARER\Snarer.dll [792576 2017-04-11] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA R2 WinSAPSvc; 
C:\Users\KubaDamaszk\AppData\Roaming\WinSAPSvc\WinSAP.dll [603648 2017-05-05] (WinSAP) [Brak podpisu cyfrowego] <==== UWAGA R2 WINSNARE; C:\Users\KubaDamaszk\AppData\Roaming\WINSNARE\WinSnare.dll [1291776 2017-04-05] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA U0 aswVmm; Brak ImagePath C:\ProgramData\BIT C:\Users\KubaDamaszk\AppData\Local\clean C:\Users\KubaDamaszk\AppData\Local\Kitty C:\Users\KubaDamaszk\AppData\Roaming\Kyubey C:\Users\KubaDamaszk\AppData\Local\SNARER C:\Users\KubaDamaszk\AppData\Roaming\WinSAPSv C:\Users\KubaDamaszk\AppData\Roaming\WINSNARE 2017-04-05 18:39 - 2017-04-05 18:39 - 00000000 ____D C:\Users\KubaDamaszk\AppData\Local\Moncar RemoveDirectory: C:\Program Files (x86)\Firefox RemoveDirectory: C:\Users\KubaDamaszk\AppData\Roaming\Firefox RemoveDirectory: C:\Users\KubaDamaszk\AppData\Local\Firefox DeleteKey: HKCU\Software\Mozilla DeleteKey: HKCU\Software\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Mozilla DeleteKey: HKLM\SOFTWARE\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins C:\Users\KubaDamaszk\AppData\Local\Mozilla C:\Users\KubaDamaszk\AppData\Roaming\Mozilla C:\Users\KubaDamaszk\AppData\Roaming\Profiles CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a "C:\Program Files\Common Files\System" CMD: dir /a "C:\Program Files (x86)\Common Files\System" CMD: dir /a C:\ProgramData CMD: dir /a C:\Users\Kris\AppData\Local CMD: dir /a C:\Users\Kris\AppData\LocalLow CMD: dir /a C:\Users\Kris\AppData\Roaming EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Błąd: (0) Nie udało się utworzyć punktu przywracania. HKU\S-1-5-21-499711634-606110142-1186871544-1001_Classes\ChromeHTML => klucz pomyślnie usunięto "C:\Program Files (x86)\Eastness" => nie znaleziono. "C:\Users\KubaDamaszk\AppData\Local\Eastness" => pomyślnie usunięto. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A344C53-DD60-40AD-A0AD-AFA562D9591D} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A344C53-DD60-40AD-A0AD-AFA562D9591D} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\Milimili => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Milimili => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7171A626-12B5-4F28-BF83-B82026429F86} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7171A626-12B5-4F28-BF83-B82026429F86} => klucz pomyślnie usunięto C:\Windows\System32\Tasks\Windows-PG => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows-PG => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{71A357B2-5547-477F-AD72-150222197674} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71A357B2-5547-477F-AD72-150222197674} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SteamClient => klucz nie znaleziono. "C:\Program Files (x86)\MIO" => pomyślnie usunięto. C:\Users\KubaDamaszk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto. 
HKU\S-1-5-21-499711634-606110142-1186871544-1001\Software\Microsoft\Windows\CurrentVersion\Run\\background_fault => Wartość pomyślnie usunięto HKU\S-1-5-21-499711634-606110142-1186871544-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Clients => Wartość pomyślnie usunięto HKU\S-1-5-21-499711634-606110142-1186871544-1001\Software\Microsoft\Windows\CurrentVersion\Run\\rmwmrrqm => Wartość pomyślnie usunięto C:\Users\KubaDamaszk\AppData\Roaming\Microsoft\svbietti => pomyślnie przeniesiono C:\Users\KubaDamaszk\AppData\Roaming\gvuyqy => pomyślnie przeniesiono HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => klucz pomyślnie usunięto HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => klucz nie znaleziono. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Wartość pomyślnie przywrócono HKU\S-1-5-21-499711634-606110142-1186871544-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-499711634-606110142-1186871544-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz pomyślnie usunięto HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => klucz pomyślnie usunięto HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => klucz nie znaleziono. HKU\S-1-5-21-499711634-606110142-1186871544-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto HKU\S-1-5-21-499711634-606110142-1186871544-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz pomyślnie usunięto HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => klucz nie znaleziono. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Wartość pomyślnie przywrócono HKU\S-1-5-21-499711634-606110142-1186871544-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML => klucz pomyślnie usunięto HKLM\System\CurrentControlSet\Services\3DM => klucz pomyślnie usunięto 3DM => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\AppleAzureSrv => klucz pomyślnie usunięto AppleAzureSrv => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\AppleNotificationsSrv => klucz pomyślnie usunięto AppleNotificationsSrv => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\BIT => klucz pomyślnie usunięto BIT => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\clean => klucz pomyślnie usunięto clean => serwis pomyślnie usunięto FirefoxU => Nie można zatrzymać usługi. 
HKLM\System\CurrentControlSet\Services\FirefoxU => klucz pomyślnie usunięto FirefoxU => serwis pomyślnie usunięto Kitty => Nie można zatrzymać usługi. HKLM\System\CurrentControlSet\Services\Kitty => klucz pomyślnie usunięto Kitty => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\Kyubey => klucz pomyślnie usunięto Kyubey => serwis pomyślnie usunięto SNARER => Nie można zatrzymać usługi. HKLM\System\CurrentControlSet\Services\SNARER => klucz pomyślnie usunięto SNARER => serwis pomyślnie usunięto WinSAPSvc => Nie można zatrzymać usługi. HKLM\System\CurrentControlSet\Services\WinSAPSvc => klucz pomyślnie usunięto WinSAPSvc => serwis pomyślnie usunięto WINSNARE => Nie można zatrzymać usługi. HKLM\System\CurrentControlSet\Services\WINSNARE => klucz pomyślnie usunięto WINSNARE => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\aswVmm => klucz pomyślnie usunięto aswVmm => serwis pomyślnie usunięto C:\ProgramData\BIT => pomyślnie przeniesiono C:\Users\KubaDamaszk\AppData\Local\clean => pomyślnie przeniesiono C:\Users\KubaDamaszk\AppData\Local\Kitty => pomyślnie przeniesiono C:\Users\KubaDamaszk\AppData\Roaming\Kyubey => pomyślnie przeniesiono C:\Users\KubaDamaszk\AppData\Local\SNARER => pomyślnie przeniesiono "C:\Users\KubaDamaszk\AppData\Roaming\WinSAPSv" => nie znaleziono. C:\Users\KubaDamaszk\AppData\Roaming\WINSNARE => pomyślnie przeniesiono C:\Users\KubaDamaszk\AppData\Local\Moncar => pomyślnie przeniesiono niepowodzenie przy usuwaniu "C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe" => Zaplanowany do usunięcia przy restarcie. niepowodzenie przy usuwaniu "C:\Program Files (x86)\Firefox" => Zaplanowany do usunięcia przy restarcie. "C:\Users\KubaDamaszk\AppData\Roaming\Firefox" => pomyślnie usunięto. "C:\Users\KubaDamaszk\AppData\Local\Firefox" => pomyślnie usunięto. 
HKCU\Software\Mozilla => klucz pomyślnie usunięto HKCU\Software\MozillaPlugins => klucz pomyślnie usunięto HKLM\SOFTWARE\Mozilla => klucz pomyślnie usunięto HKLM\SOFTWARE\MozillaPlugins => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\Mozilla => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\mozilla.org => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => klucz pomyślnie usunięto C:\Users\KubaDamaszk\AppData\Local\Mozilla => pomyślnie przeniesiono C:\Users\KubaDamaszk\AppData\Roaming\Mozilla => pomyślnie przeniesiono "C:\Users\KubaDamaszk\AppData\Roaming\Profiles" => nie znaleziono. ========= dir /a "C:\Program Files" ========= Volume in drive C is TURBODATA SSD Volume Serial Number is FEA2-6488 Directory of C:\Program Files 2017-04-22 01:42 . 2017-04-22 01:42 .. 2016-08-02 20:53 AMD 2015-07-29 13:57 AMD Quick Stream 2014-02-19 20:54 Apoint2K 2014-02-19 20:41 ATI 2014-06-07 16:03 Bandizip 2014-06-22 21:01 blueconnect 2016-10-13 12:29 CanonBJ 2014-06-21 16:43 CCleaner 2017-03-18 17:20 Common Files 2017-04-22 01:42 Counter-Strike 1.6 2013-08-22 17:35 174 desktop.ini 2016-07-21 03:44 DIFX 2017-01-22 13:46 f09er35s 2017-01-22 18:23 grjsiaw4 2017-04-22 01:42 IDT 2014-08-28 21:46 Image-Line 2014-07-30 17:05 Internet Explorer 2017-03-18 16:01 Microsoft Analysis Services 2017-03-18 17:17 Microsoft Office 2015-07-14 21:17 Microsoft Silverlight 2017-03-18 17:18 Microsoft SQL Server 2017-03-18 17:18 Microsoft.NET 2013-08-28 15:54 MSBuild 2017-01-20 02:00 Opera 2013-08-28 15:54 Reference Assemblies 2016-11-03 18:57 ScreenShooter5 2014-08-25 12:07 Steinberg 2015-05-02 19:19 TOSHIBA 2014-07-08 12:43 Windows Defender 2014-07-30 16:09 Windows Journal 2014-07-07 22:50 Windows Mail 2017-04-22 01:42 Windows Media Player 2014-07-03 13:11 Windows Multimedia Platform 2013-08-22 17:36 Windows NT 2014-07-07 22:50 Windows Photo Viewer 2014-07-03 13:11 Windows Portable Devices 2017-04-28 02:01 WindowsApps 2016-03-23 18:38 ZTE_Handset_USB_Driver 1 File(s) 174 
bytes 39 Dir(s) 360˙081˙969˙152 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Program Files (x86)" ========= Volume in drive C is TURBODATA SSD Volume Serial Number is FEA2-6488 Directory of C:\Program Files (x86) 2017-05-07 15:56 . 2017-05-07 15:56 .. 2016-06-02 01:13 Ahead 2016-08-01 13:10 AIMP3 2017-05-04 10:33 AlphaGo 2016-08-02 20:53 AMD 2014-02-19 20:59 AmIcoSingLun 2014-02-19 20:51 Atheros 2015-07-29 13:55 ATI Technologies 2016-02-08 16:45 Audacity 2014-09-25 10:12 AVG 2015-04-17 23:55 BandiMPEG1 2016-05-21 12:06 Battle.net 2017-04-22 01:42 Bethesda.net Launcher 2014-12-01 15:45 blueconnect 2014-02-19 20:58 Bluetooth Suite 2016-10-13 13:17 Canon 2016-11-03 21:11 ClassicMT2 2017-04-22 01:42 Common Files 2017-03-23 16:26 Comodo 2017-04-22 01:42 Counter Strike 1.6 BF Edition 2017-04-22 01:42 Counter-Strike 1.6 2013-08-22 17:34 174 desktop.ini 2014-02-19 20:50 DTS, Inc 2014-02-19 21:19 eBay 2016-01-15 20:14 Electronic Arts 2014-10-20 15:17 Firebird 2017-05-07 15:56 Firefox 2016-12-12 13:13 Football Manager 2014 2015-11-22 23:47 Football Manager 2016 2015-07-30 22:13 GameforgeLive 2014-08-31 19:09 GTK+-Runtime-3.6.1 2015-07-02 22:58 Hostless Modem 2017-01-18 03:20 Ideazon 2017-01-20 01:53 Image-Line 2017-04-22 01:42 InstallShield Installation Information 2014-07-30 17:05 Internet Explorer 2017-01-18 03:25 IObit 2015-07-14 19:42 Java 2015-08-09 12:24 K-Lite Codec Pack 2014-05-23 03:47 KONAMI 2014-09-26 15:24 Lame For Audacity 2014-09-26 12:11 LibreOffice 4 2016-07-22 03:53 Life Is Strange 2017-01-20 11:45 0 metadata 2017-04-22 01:42 Metin2 Ravia.eu 2017-03-18 16:01 Microsoft Analysis Services 2017-03-18 15:37 Microsoft Office 2015-07-14 21:17 Microsoft Silverlight 2017-03-18 17:18 Microsoft SQL Server 2017-03-18 14:54 Microsoft SQL Server Compact Edition 2015-08-03 12:23 Microsoft WSE 2016-06-29 06:00 Microsoft XNA 2017-03-18 17:18 Microsoft.NET 2017-03-18 17:17 Mozilla Firefox 2017-03-18 14:53 MSBuild 2017-02-11 17:49 NCH Software 2016-06-02 
01:27 Nero 2016-05-23 11:22 OpenAL 2015-05-02 18:16 Origin 2015-04-05 00:01 Origin Games 2014-05-23 18:14 Outsim 2017-01-18 03:20 Phyxion.net 2015-09-13 18:45 PixArt 2016-10-28 18:45 R.G. Mechanics 2016-08-02 20:56 Raptr Inc 2015-05-02 18:17 Razer 2014-06-07 15:34 Realtek 2013-08-28 15:54 Reference Assemblies 2016-12-22 20:48 Sega 2017-03-23 16:27 40 settings.dat 2017-01-20 23:10 Skype 2017-01-15 06:05 Sony 2017-04-22 01:42 SopCast 2014-10-23 16:52 SpacialAudio 2016-12-22 20:32 Sports Interactive 2017-04-22 01:42 Steam 2017-04-22 01:43 SuperBird 2016-11-03 21:17 SupportAppCB 2016-01-25 22:30 TeamSpeak 3 Client 2017-05-02 10:30 Temp 2015-05-02 19:19 TOSHIBA 2014-06-14 16:04 TOSHIBA Games 2015-11-25 19:48 VirtualDJ 2017-01-20 01:41 VstPlugins 2016-08-02 20:54 VulkanRT 2014-07-08 12:43 Windows Defender 2014-07-01 16:28 Windows Live 2014-07-07 22:51 Windows Mail 2017-04-22 01:43 Windows Media Player 2014-07-03 13:11 Windows Multimedia Platform 2013-08-22 17:36 Windows NT 2014-07-07 22:51 Windows Photo Viewer 2014-07-03 13:11 Windows Portable Devices 2017-04-22 01:43 Windows Sidebar 2015-01-23 22:16 Worms Clan Wars 3 File(s) 214 bytes 93 Dir(s) 360˙081˙965˙056 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Program Files\Common Files\System" ========= Volume in drive C is TURBODATA SSD Volume Serial Number is FEA2-6488 Directory of C:\Program Files\Common Files\System 2017-03-18 16:31 . 2017-03-18 16:31 .. 2014-07-07 22:50 ado 2013-08-22 13:03 30˙208 DirectDB.dll 2013-08-22 21:09 en-US 2014-07-07 22:50 msadc 2017-03-18 16:31 MSMAPI 2017-03-18 17:19 Ole DB 2013-08-28 16:27 pl-PL 2013-08-22 12:16 851˙456 wab32.dll 2013-08-22 13:42 988˙160 wab32res.dll 3 File(s) 1˙869˙824 bytes 8 Dir(s) 360˙081˙965˙056 bytes free ========= Koniec CMD: ========= ========= dir /a "C:\Program Files (x86)\Common Files\System" ========= Volume in drive C is TURBODATA SSD Volume Serial Number is FEA2-6488 Directory of C:\Program Files (x86)\Common Files\System 2017-03-18 14:49 . 
2017-03-18 14:49 .. 2014-07-07 22:51 ado 2013-08-22 05:40 26˙112 DirectDB.dll 2013-08-22 21:09 en-US 2014-07-07 22:51 msadc 2017-03-18 17:19 Ole DB 2013-08-28 16:27 pl-PL 2013-08-22 05:01 710˙656 wab32.dll 2013-08-22 06:17 988˙160 wab32res.dll 3 File(s) 1˙724˙928 bytes 7 Dir(s) 360˙081˙965˙056 bytes free ========= Koniec CMD: ========= ========= dir /a C:\ProgramData ========= Volume in drive C is TURBODATA SSD Volume Serial Number is FEA2-6488 Directory of C:\ProgramData 2017-05-07 15:56 . 2017-05-07 15:56 .. 2016-07-29 04:28 Adobe 2016-08-02 20:53 AMD 2014-02-19 20:59 AmUStor 2013-08-22 16:45 Application Data [C:\ProgramData] 2017-01-27 14:49 AVAST Software 2017-01-18 03:20 AVG 2017-01-18 03:20 Avira 2016-05-21 12:05 Battle.net 2015-08-02 12:15 Blizzard Entertainment 2016-08-11 16:32 BlueStacksSetup 2016-10-13 13:33 CanonBJ 2017-01-08 18:06 CanonIJPLM 2014-08-27 22:01 Common Files 2014-10-13 20:16 DAEMON Tools Lite 2016-07-22 03:54 DatacardService 2013-08-22 16:45 Desktop [C:\Users\Public\Desktop] 2016-04-25 23:56 DIBsection 2013-08-22 16:45 Documents [C:\Users\Public\Documents] 2015-09-28 21:51 Electronic Arts 2017-04-22 01:43 IObit 2014-06-10 17:37 IsolatedStorage 2016-07-21 19:43 LAG 2014-10-23 21:08 LGMOBILEAX 2014-11-09 23:46 Malwarebytes 2017-04-22 01:43 McAfee 2017-04-22 01:43 Microsoft 2017-03-18 17:23 Microsoft Help 2014-10-02 13:42 Mirillis 2016-06-02 01:27 Nero 2014-06-18 13:37 NortonInstaller 2016-04-12 19:52 8 ntuser.pol 2015-07-14 19:44 Oracle 2016-10-25 19:55 Orbit 2017-04-22 01:43 Origin 2017-04-05 18:38 Package Cache 2017-01-18 03:24 ProductData 2014-02-19 20:50 Qualcomm Atheros 2015-05-02 18:17 Razer 2017-03-18 17:18 regid.1991-06.com.microsoft 2014-07-02 15:47 RELOADED 2015-09-23 16:40 Riot Games 2016-03-29 01:18 Skype 2017-04-14 09:03 Software 2016-05-14 01:46 Solidshield 2014-02-19 20:50 SRS Labs 2013-08-22 16:45 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 2016-05-02 16:34 Steam 2014-11-02 01:46 Sun 2016-01-15 19:54 TechSmith 
2013-08-22 16:45 Templates [C:\ProgramData\Microsoft\Windows\Templates] 2014-05-22 03:44 Toshiba 2017-04-22 01:43 WildTangent 1 File(s) 8 bytes 53 Dir(s) 360˙081˙960˙960 bytes free ========= Koniec CMD: ========= ========= dir /a C:\Users\Kris\AppData\Local ========= System nie może odnaleźć określonej ścieżki. ========= Koniec CMD: ========= ========= dir /a C:\Users\Kris\AppData\LocalLow ========= System nie może odnaleźć określonej ścieżki. ========= Koniec CMD: ========= ========= dir /a C:\Users\Kris\AppData\Roaming ========= System nie może odnaleźć określonej ścieżki. ========= Koniec CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 12582912 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3181746 B Java, Flash, Steam htmlcache => 22475001 B Windows/system/drivers => 58116349 B Edge => 0 B Chrome => 0 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 576072 B LocalService => 0 B NetworkService => 0 B KubaDamaszk => 178046113 B Administrator => 0 B Gość => 0 B RecycleBin => 152839063 B EmptyTemp: => 408 MB danych tymczasowych Usunięto. ================================ Rezultat przenoszenia plików przy restarcie (Tryb startu: Normal) (Data i godzina: 07-05-2017 16:03:48) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe => pomyślnie usunięto C:\Program Files (x86)\Firefox => pomyślnie usunięto ==== Koniec Fixlog 16:03:48 ====